Online Social Media Security – How Safe Are You and Your Children?

Online Social Media Security – How Safe Are You and Your Children?

In early December, I was asked to speak to a reporter from Univision Las Vegas about online social media security. The reason for the story was that an online scammer stole the pictures of a little girl and made up a story about how the little girl had been kidnapped. Thankfully, the little girl was at home safe with her family but the fake story aimed to raise funds to pay for a ransom to have her released and people were falling for the scam.

Another worrying trend with photos of children is what has been termed as “digital kidnapping” or baby role playing. In these cases, a person will steal photos of a child and repost the pictures claiming that the children are their own. Parents have found entire profiles filled with pictures of their children with another person claiming to be the person’s mother or father.

While there are risks to posting pictures of your little ones on social media, it does not mean that you should stop sharing those precious moments with far-away friends & family on social media although a survey from the University of Michigan found that 68% of parents are worried about their child’s privacy online and 67% are worried that the photos will be reshared.

There are things that you can do to increase your social media profile security when posting pictures of your children including:

  • Restrict who can see your child’s pictures
  • Restrict the ability to share your child’s picture
  • Use a watermark
  • Turn off location services when posting from your phone

Children aren’t the only victims

Remember the story about how now NFL star Manti Te’o fell for a girl who really never existed over a period of a couple of years? Online romance scams have become so prevalent that they account for higher financial losses than other internet-based crimes with victims typically losing tens of thousands of dollars according to the FBI Internet Crime Complaint Center. There have also been so many victims that there is now a support group called Scam Survivors, with a hotline and information resource center for those that have been duped by online scams.

For years now, fake profiles are created by scammers with duplicated names and profile pictures. And because people still fall for their scams, the fraudsters continue despite Facebook’s attempts to reduce the number of fake accounts. Once a fake profile is created the scammer may begin adding and contact family or friends. Then they start collecting information. And eventually, there comes a message claiming that they had been mugged, lost everything, and are stranded on the streets of a foreign city and in desperate need of help. Some years ago, this happened to my parents who received one such message from one of my brothers saying that he had been mugged in London which prompted my parents to question first how did he end up there and secondly, how did the scammer know to contact them to ask for help?

Other social media online safety tips include:

  • Don’t publicly post about going on vacation. It lets people know that your home will be vacant.
  • Never publicly post your address, home telephone or mobile number.
  • Manage your friends lists. Not all friends are created equal as Stay Safe Online eloquently puts it so categorize your social media friends into groups and restrict the information that you share with them.
  • Privacy settings exist for a reason, so use them! Use privacy settings (such as restricting posts to just select people or groups) when posting personal details.

Social Media Security—Are Hackers Able to Steal Your Information?

Over 75% of US adults use some sort of social media—it’s a great way to keep in touch with friends, family, and even stay up-to-date on breaking news and the latest celebrity gossip. Many of us have accounts across several platforms, such as Facebook, Twitter, and Instagram, making it that much easier for us to keep in contact with people across the globe in a variety of ways.

With all of these connections, however, it is not only easier for us to see what our loved ones are up to, but it also centralizes all of our data for hackers, making it that much easier for them to steal our personal information to use for their own malicious gain. These cyber criminals are able to hack into individuals’ or business’ accounts and some have even been able to hit the majority of users on a single platform at once. With hackers so focused on attacking any and every one that they possibly can, it is important to educate yourself on the types of threats that these cyber criminals pose as well as to learn how to better protect your accounts against potential attack.

How They Do ItWith the recent data breaches of LinkedIn, Tumblr, and the biggest of all (oddly enough) Myspace—consisting of 427,484,128 passwords and 360,213,024 email addresses from both active and dormant accounts (making it the biggest social media data breach to date), social media security has become a hot topic and the question at the top of everyone’s minds is, “Am I next?” While hackers seem to be fairly random in whom they target, there are ways to strengthen your own personal security for your online social networking accounts. Not only should you be prepared against massive platform data breaches, but targeted attacks on individual accounts as well.

While these data breaches are able to target millions of people at once, the most common social media cyber-security crimes are directed attacks on individuals, and are primarily done via sophisticated online phishing.  Hackers hack into existing accounts or create secondary accounts of individuals and pretend to be them—going as far as to steal pictures, birthdays, and ‘liking’ the same pages the victim likes. Then, these criminals add friends and family of the victim, posing as him or her and then making odd requests such as needing cash immediately in order to help them out of a tight spot. It is the modern version of the Nigerian prince scheme, only more people fall for it because it appears to be an actual loved one in trouble. With hackers becoming more creative and shifty, it is growing to be more and more challenging to protect against these threats, and all the more important to protect your social media accounts.

Ways to Protect Against AttackI originally titled this article “Are Hackers Trying to Steal Your Information?”—but the answer to that is always ‘yes.’ Hackers are consistently looking for ways to steal and corrupt as much information as they possibly can. The proper question is, “Is it easy for them to do so?” While there is no silver bullet when it comes to cyber-security, especially regarding social media, here are a few ways to make it harder for these cyber criminals to get your personal information:

  • Use different, stronger passwords—By making your passwords longer and more complex, as well as using a different password for every account you have, you can reduce your chances of being hacked significantly. Even if your information from one site was compromised, for example in a data breach, by having different passwords for your other social platforms, you reduce your risk of having more information exposed, which aids in your overall cyber-security. Facebook CEO, Mark Zuckerberg, had to learn this the hard way when his Pinterest and Twitter accounts were hacked after the LinkedIn breach provided hackers with his login information, including passwords, which were not only weak, and therefore easily hackable, but he used the same one for both sites. Thankfully he didn’t have the same password for his Facebook account, but it just goes to show you that no one is safe from attack if they use the same, easy-to-crack password for every social media site.

 

  • Two-factor authentication—otherwise known as two-step verification, requires users to login not only by entering their password online, but a second, unique verification code sent via text. When there are multiple security steps necessary to sign on to social media, it is harder for these hackers to get to your valuable information. This has proven to be one of the most vital steps in protecting social media accounts; Facebook, Google, and Twitter are currently utilizing this technology, and hopefully more catch on soon (Since their data breach, LinkedIn has implemented this feature as well and encourages its users to take advantage of it).

 

  • Do not add people you don’t know—While this may seem obvious to some, many people add ‘friends’ online all the time who they have never even heard of before. With people hacking into the accounts of people you actually know and pretending to be them in order to extort something out of you or another loved one already, why increase your chances of phishing and hacking by adding a complete stranger?

 

  • Be wary of suspicious messages and posts—Many hackers utilize vulnerable accounts to hack into in order to send friends and family members messages either asking for money or some other odd request. If you receive a message like this from someone you know, contact them in a way other than social media to see if it is really them, especially if the message looks like something out of the ordinary.

 

  • Don’t have sensitive information on your accounts—Most social media platforms give you the option to make certain information private, even from people you know and accept online as ‘friends’ and doing so can really help you strengthen your cyber-security; sensitive information such as your home address or cell phone number can be dangerous to have readily available on social media because it acts as an open door to finding other information about you that could potentially be used by cyber criminals to steal your identity.

There is no surefire way to guarantee your social media accounts won’t be hacked—hackers are working every day to find new ways to get your information. By taking multiple precautionary steps, however, you can make it harder for hackers to get to your information and the information of your loved ones.

—Hailey Carlson, Marketing Intern 6/13/2016

Facebook and Phishing: The New Social Frontier

Facebook and Phishing: The New Social Frontier

With the holidays approaching, it’s not always all about cheer and goodwill. Crime tends to peak during the holidays and cyber crime is included.

Facebook currently has over 1.44 billion users. It’s no surprise that cyber criminals are using this popular social networking service as a gateway to identity theft. An incredibly popular method called ‘phishing’ is a common way for these thieves to trick you in order to gain your personal and financial information. It’s so common that with a simple google search, one can find step by step guides on how to hack Facebook accounts using phishing methods.

So what is phishing and how is it done? To put it simply, phishing is where users are directed to enter details into a fake website that looks and feels like the legitimate one. Basically, these cyber criminals goals are to get you to login to your fake login page and the criminal then successfully gets the Facebook email and password.

PhishingArticlePhoto
Nearly all cyber crime comes from some sort of phishing. National Counterintelligence Executive William Evanina said in a recent interview with the Washington Examiner, “We’ve looked at all of these intrusions and exploitation of personally identifiable information over the years, both government and private sector, and just about 90% of them either started with or were enhanced by a spear phishing success.”

Recently, a colleague shared an experience he had on Facebook. He had received a friend request from someone who he thought he was already friends with. He assumed that maybe his friend had accidentally removed him and was re-adding him. After some small talk, my colleague’s friend sent him a message with a link that said “Hey, have you checked this link out?”

My colleague had an odd feeling at this point. In conjunction with the unique scenario and the poor spelling, he realized something was not right. He then asked his friend “Hey, how exactly do we know one another?” The friend responded but brushed the question aside, “We’ve been friends forever.” After a little more back and forth, the friend refused to share details on their friendship. My colleague successfully avoided this likely phishing attack. Had he clicked on that link, he would’ve been asked for his password, and had he entered it, he would’ve had a problem on his hands.

These phishing attacks can come in many forms. It may look like Facebook is emailing you about a photo violation or maybe a friend is sending you a holiday e-card. Warning bells should go off immediately if it links you to a website and asks you for your password. Odd spelling and a poor use of English is also a dead giveaway when it comes to cyber crime.

Facebook addresses how to keep your account safe with the following tips:

  • Protect your password. Use a combination of at least 6 letters, numbers and punctuation marks. Avoid including your name or common words. Your password should be difficult to guess. Don’t use your Facebook password anywhere else online and never share your password.
  • Never share your login information (ex: email address and password). Sometimes people or Pages will promise you something (ex: free poker chips) if you share your login info with them. If you’re ever asked to re-enter your password on Facebook (ex: you’re making changes to your account settings) check to make sure facebook.com is still in the URL (web address).
  • Log out of Facebook when you use a computer you share with other people. If you forget, you can log out remotely.
  • Don’t accept friend requests from people you don’t know. Sometimes scammers will create fake accounts to friend people. Becoming friends with scammers might allow them to spam your Timeline, tag you in posts and send you malicious messages. Your real friends might also end up being targeted.
  • Never click suspicious links, even if they come from a friend or a company you know. This includes links sent on Facebook (ex: in posts) or in emails. If one of your friends clicks a spam link, they could accidentally send you or tag you in spam. If you see something suspicious on Facebook, report it. You also shouldn’t download things (ex: a .exe file) if you aren’t sure what they are.
  • Watch out for fake Pages and apps/games. Be suspicious of Pages promoting offers that are too good to be true. If in doubt, check to see if a Page is verified. Be mindful when you install new apps or games. Sometimes scammers use bad apps and games to gain access to your Facebook account.
  • Log in at www.facebook.com. Sometimes scammers will set up a fake page to look like a Facebook login page, hoping to get you to enter your email address and password. Make sure that you check the page’s URL before you enter your login info. When in doubt, you can always type facebook.com into your browser to get back to the real Facebook.
  • Update your browser. The newest versions of internet browsers have built-in security protection. For example, they might be able to warn you if you’re about to go to a suspected phishing website. Facebook supports: Mozilla Firefox, Safari, Google Chrome, and Internet Explorer.
  • Run antivirus software. To protect yourself from viruses and malware, scan your computer.

Axiom Cyber Solutions is offering Cyber-Security Protection for Small Business starting as low as $199 per month. We realize that most small businesses do not have a dedicated IT team and business owners may be handling their cyber security matters on their own. Let us take over and provide you with peace of mind. Axiom will provide your business a firewall and manage it so you don’t have to worry about securing your business. We will assess the security risks for your business and will help implement the right cyber security service for your business.

Axiom’s solutions come in different sizes and all our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, check out our website at axiomcyber.com or give us a call us at (800) 519-5070. #FightBackWithAxiom