Social media has been the dominant digital platform for the past decade, with billions of combined members connecting every second of every day.
Billions of users mean billions in revenue, but not just for the corporations that control these platforms. It is estimated that cybercriminals earn up to $3 billion a year, exploiting the weak privacy and security settings that social media services use to protect their users.
Even if the platforms lose money to these criminals, it’s their users who pay the ultimate price. Embarrassment, humiliation, blackmail, identity theft – these are only some of the nasty things users have to endure when they become a victim of a cyberattack made using social media.
CRIMINALS EXPLOIT SHARING AND LACK OF PRIVACY
One of the reasons cybercriminals love using social media as a springboard for attacks is that plenty of users have a false sense of security that the platform they’re using is safe. By nature, social media is all about sharing, whether it’s photos, videos, music, links, or information.
These platforms are a treasure trove brimming with personal user data – names, birthdays, addresses, email, photos, contacts, pets – everything a cybercriminal needs to hack into someone’s system or create a false identity. Without safeguards such as identity monitoring and security software, cybercriminals will have a field day attacking vulnerable accounts and systems.
Sharing is engineered into social media apps to make it easier for users, and here lies the problem. Social media platforms have been transformed into a global malware distribution center. Studies have shown that 20% of organizations that have been hit with malware got it through social media. Cryptomining malware and identity theft executables that harvest personal data are easy to get – simply clicking on a YouTube ad could infect your device.
FAKE ACCOUNTS, PHISHING, AND THE DARK WEB
It’s relatively easy to set up a fake account on any of the social media platforms. On Facebook alone, there were 5.4 billion bogus accounts that had to be deleted. Criminals use fake accounts and social engineering to dupe legitimate users into sharing their details, sending money, or clicking malicious links to install malware. Scammers can spoof a real user account by grabbing photos and other public information of their target for extortion or scamming the victim’s family or friends.
Social media platforms are a favorite phishing delivery method for cybercriminals. The combination of trust and a broad reach allows scammers to connect to more people from the target’s contacts for a more believable scam. The dark web is also creeping its way into social media, as threat actors use platforms such as Instagram and WhatsApp to promote and sell hacking tools.
HOW TO PROTECT YOUR SOCIAL MEDIA ACCOUNTS
Despite the privacy issues inherent in social media, it’s not all doom and gloom. These platforms are useful tools that let people connect and stay in touch with family, friends, peers, and businesses. If you use multiple social media platforms regularly, it’s imperative that you put in the effort to secure your accounts.
Review your privacy settings
Some platforms are better than others when it comes to privacy. Make sure you’re only using the ones that value your privacy by giving you control over what information you want to share and if you can set your profile to private. Tweak your social media privacy to the maximum allowable settings without compromising the platform’s usability, and control who can see a post or who can tag you in a photo.
Use a strong password and enable two-factor authentication
Protect your accounts with a unique and robust password. Make sure to enable two-factor authentication (2FA) on all your accounts to make it harder for hackers to break in even though they have your password.
Control your data and avoid sharing everything
Telling people where you were, what you did, what food you ate, and who you were with on a particular day makes it extremely easy for criminals to profile you and learn your habits. Avoid oversharing your life on social media, and never put sensitive information like your passport, birthday, location, work address, phone number, and IDs on a public platform.