This post is a guest post by Fergal Glynn.
There are tons of social networks, and nearly everyone belongs to at least two. But increasingly, social network activity appears to put users at increased security risk. A survey by Barracuda Networks reveals that about 13 percent of social media users have had an account hijacked, meaning an unauthorized user logged in to their account and possibly took unapproved actions on behalf of the account owner.
Even many of those who haven’t had an account hijacked report negative experiences, such as phishing scams, spam and even malware. If you haven’t been hijacked, you may have encountered a hijacker on a friend’s account. One scam, popular on Facebook for a time, involved hackers accessing user accounts and then soliciting the user’s friends for money. These scammers would claim to be on vacation in a foreign country and beg friends to wire money so they could return home, as they had been robbed or mugged.
Most of the time, Facebook users were unconvinced, and the criminals weren’t very good at developing a convincing story, although they’d go to great lengths to be clever. Stolen cell phones, hotels with no power and accessing the internet through a public library across the street were among the common elaborate cover-ups offered when users attempted to get friends on the phone.
Scams aren’t always obvious
While the money transfer scam was pretty obvious to almost everyone it targeted, many social media scams are much more subtle, at least at first. In some cases, random messages are posted on friends’ accounts or news feeds, with tempting text enticing users to click a link. The message, of course, is bait, and when the user clicks the link, malware can be downloaded to the PC.
Many of these messages are disguised as popular news, appearing to some users like a legitimate message that has been shared hundreds of times by friends of friends. In the case of the Osama bin Laden photo, for example, the message claimed to link to an image of the terrorist after his capture by the U.S. military. Naturally, this prompted many users to click out of curiosity.
Enterprises protect against social media
Many enterprises have blocked the use of Facebook and other social networks on PCs running on the company’s network. Some are attempting to prevent employees from wasting time when they should be working, but often these social networks are blocked primarily to reduce the risk of infections.
Enterprises that don’t restrict social media usage on the company’s network should, at minimum, create employee guidelines for safe and appropriate social media use. Some organizations take the added precaution of blocking employees’ ability to download any programs from the internet.
To protect themselves, social media users should avoid publishing personal information and protect the information they do provide. For instance, Facebook allows users to specify what types of information should be shared and with whom. A wise precaution is to set your privacy settings to display information only to approved contacts.
Of course, it’s also wise to avoid clicking on any suspicious-looking links or opening questionable messages, unless it’s certain the message is legitimate and came directly from the contact in question.
Fergal Glynn is the Director of Product Marketing at Veracode, an application security company that offers malicious code analysis tools.