The speed of the internet has fundamentally transformed the way people receive information. In the Web 2.0 era, social media has had a huge impact on how we interact with others. Participation is massive – millions of internet users are engaged, mainly in their leisure time, and even at work. In fact, the capability of social media offers numerous opportunities for interaction, but it is not without perils. Cyber criminals are utilizing social media to damage the reputation or to steal the identity of their victims. This is an alarming situation, and Swiss Cyber Forum is aware of that. Since October is recognized as Cyber Security Awareness Month, make sure to check our first post of October on tips for email security. Our purpose is to offer resources on data security risks, and therefore we decided to cover social media security and how you can minimize the risks associated with it.
The new landscape of communications
The way we engage with the internet has significantly changed. Social media has opened a world of permanent “anywhere and anytime” access. Social media platforms like Facebook, TikTok, Twitter, Pinterest, Skype, etc., are used extensively for the purpose of communication. Surely, the power lies in the hands of users, given the power to spread ideas through social media to the whole world. In short, social media holds the potential to drastically change the character of our social lives. Public space has also changed because of social media, as new ways that enabled unlimited freedom of speech have emerged.
Moving forward, the internet and social media connect not only people but also businesses worldwide, and interactions between them turned out to be less dependent on the physical location. Businesses are now aware of the endless possibilities that are present with the use of social media and the opportunity to reach a massive audience at any time. However, all parties must identify the challenges that come with being present online.
Cyber threats in social networking websites
A cyber threat refers to a malicious act that seeks to damage data, steal information, or disrupt digital life in general. Cyber threats can be unintentional or intentional, targeted or non-targeted, and they can come from several sources, including hackers, disgruntled employees, and contractors working within an organization. We categorize threats into 2 main groups: privacy-related threats and traditional network threats.
1. Privacy-related threats
Hundreds of thousands of users use social media or social networking on a regular basis. For that reason, they have attracted the attention of attackers more than any other target in recent years. Privacy concerns require that users never publish and share sensitive data over the web. This information can be utilized by criminals who use social engineering methods to take advantage of it. In short, due to the high usage of social media, users have been exposed to privacy and security threats. These threats include spam, clickjacking, malware, cyberstalking, phishing, inference attacks, or cross-site scripting (XSS) attacks. The bad news is that these threats can spread in new ways and more quickly than ever before.
What is clickjacking?
Clickjacking aka “UI redress attack” is an interface-based attack in which an attacker uses multiple transparent layers to trick a user into clicking on actionable content on a hidden website by clicking on some other content in a decoy website. This can potentially open up numerous vulnerabilities: a user unintentionally downloading malware, visiting malicious web pages, or providing credentials,
What is an inference attack?
Machine learning is becoming more and more powerful and easily accessible. Criminals are also aware of that and they increasingly leverage machine learning to execute automated large-scale inference attacks in different domains. Inference attacks on social networks are executed with the help of machine learning algorithms to predict the sensitive or personal information of a user that they may not want to disclose.
What is cyberstalking?
Cyberstalking means the use of social media, e-mail, or other telecommunication technologies to threaten, harass, or stalk users. So, cyberstalking can be seen as an extension of the physical form of stalking. Cyberstalkers may send unsolicited e-mails, including hate, obscene or threatening mail, which presents a range of emotional and psychological damage for the victim.
What is a cross-site scripting (XSS) attack?
Cross-site scripting is an attack on web-based applications in which malicious scripts are injected into trusted websites. The actual attack takes place when the victim goes to the web page or web application that runs the malicious code. The web page or the application then turns into a vehicle to spread the malicious script to the user’s browser. Depending on the severity of the XSS attack, user accounts may be hacked or Trojan horse programs activated.
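To show why a trusted page ends up delivering the script, here is the same comment rendered without and with output encoding. This is an added example, not code from the original post; the function names and the sample comment are constructed for illustration.

```javascript
// Added example: a comment widget rendered unsafely and with output encoding.
// All names are hypothetical; the sample input is a constructed, harmless test string.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  // Encode the characters that can end a text node or an attribute value.
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: untrusted input is concatenated into the markup as-is.
function renderCommentUnsafe(author, text) {
  return `<div class="comment" title="${author}"><p>${text}</p></div>`;
}

// Hardened: every untrusted value is encoded before it reaches the markup.
function renderCommentSafe(author, text) {
  return `<div class="comment" title="${escapeHtml(author)}"><p>${escapeHtml(text)}</p></div>`;
}

// Helpers that show what a browser would parse out of the result.
function tagNames(html) {
  return Array.from(html.matchAll(/<([a-z][a-z0-9]*)/gi), (m) => m[1].toLowerCase());
}

function titleAttribute(html) {
  return /title="([^"]*)"/.exec(html)[1];
}

// Constructed sample: one value breaks out of an attribute, the other adds a tag.
const SAMPLE_AUTHOR = 'alice" onmouseover="alert(1)';
const SAMPLE_TEXT = "<script>alert(1)</script>";

const unsafeHtml = renderCommentUnsafe(SAMPLE_AUTHOR, SAMPLE_TEXT);
const safeHtml = renderCommentSafe(SAMPLE_AUTHOR, SAMPLE_TEXT);

console.log(tagNames(unsafeHtml), titleAttribute(unsafeHtml));
console.log(tagNames(safeHtml), titleAttribute(safeHtml));
```

In the unsafe output the `title` attribute ends after `alice` and a `script` element appears in the page; in the encoded output the whole input stays inside the attribute value and the paragraph text.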
2. Traditional network threats
These threats include fake profiles, identity clone attacks, and information or location leakage. Social media is all about openly sharing information with friends. Some users voluntarily share their personal information on their social media accounts. However, the sharing of such sensitive content may have adverse implications for social media users. Attackers impersonate their victims and send friend requests to the target with the aim to infiltrate his or her private circle to steal information. Detecting traditional network attacks requires more sophisticated automated methods, and although there are a number of verification services, there is no proven defense for identity clone attacks yet.
Social media security tips
Social media platforms are a great way to stay connected with friends and others. Consider the following social media security tips to safely enjoy social media.
- Become familiar with the privacy settings: Privacy settings exist for a reason and it is important to keep privacy top of mind when it comes to social media. Privacy settings can help you increase the control you have over how your personal information is handled online.
- Be cautious about sharing too much personal information: The more personal information you share, the easier it may be for a criminal or someone else to use that information to steal your identity.
- Use a strong password: Our lives exist almost completely online with our personal information guarded by password protection. The longer your password is, the more secure your social media accounts will be. If you want to know more about password security, read our blog post – 5 Password Security Best Practices in 2020.
- Use unique passwords for each social media account: Using the same password makes it easy for hackers to gain access to all your accounts. Therefore, it is absolutely crucial that you do not use the same password for Facebook as you do for, say, Twitter, or other social media platforms.
- Regularly check your mailbox to see if there are suspicious login attempts: The suspicious login attempts appear when your social media accounts are accessed from an unverified new device. To help protect your account, the platform you are using will send you an email when the system notices unusual sign-in activity, so check your mailbox to see suspicious account activities, if any.
- Verify who you are connecting with: We advise you to be selective with friend requests and think twice before you accept the request. If you do not know the person, it is better not to accept their request as it could be a fake account. Simply put, when you accept a request, the information and photos on your account that were restricted from public view become viewable by your new friend. We believe that it is not a good idea to let a total stranger see the information or images on your social media account.
Stay educated, stay secure
Now more than ever it is critical for nearly everybody to stay educated on cyber security and the digital future. It is becoming more apparent that social media is the best way to connect with people across the world. In this blog post, we aimed to increase awareness of social media security, which should not be taken lightly. Follow the social media security tips we shared to take control of your social media space by educating yourself.
Swiss Cyber Forum provides comprehensive training courses designed to provide a big picture of a particular topic on cyber security, or courses customized to suit your interests and needs. For example, our Cyber Security Specialist training with the Swiss Federal Diploma is primarily focused on providing participants with an environment where they can practice cyber security in real-world scenarios and learn how to prevent and handle security incidents. Learn more about it by downloading the info brochure.