Can we trust our friends not to make questionable decisions on social media? Apparently not, because our friends might actually be scammers in disguise, or just not well-informed. In this article we freshen up three top tips for staying safe on social networks. But just in case you’re in any doubt about how important it is to proceed with caution on social media, consider these three factors:
- The web is a dangerous place: The security company Sucuri scanned about 10 million websites and found 26% of them were compromised (hosting malicious injections or otherwise blacklisted).
- People are sharing more personal data than ever: That’s not just a hunch, that was the finding of a seven-year study by researchers at Carnegie Mellon University: Silent Listeners: The Evolution of Privacy and Disclosure on Facebook.
- Consumers are not the only victims: Criminals conducting cyber attacks against companies are finding social media a great resource (there are several social media attack scenarios in the recently published Trustwave 2013 Global Security Report).
So what are some strategies for staying safe and minimizing risk while using social media (assuming you’ve decided you can’t live without social networks, which is understandable for many people and companies)?
The sanity check
What do you do when you see a link in a friend’s tweet, Facebook or LinkedIn update, Instagram or Snapchat posting? Do you click on it right away or do you think before you click? Hopefully your brain is wired to follow a pre-click thought process that includes these questions:
- How sensible/relevant is this link? If your friends know you’re not interested in Justin Bieber or Selena Gomez, you should be suspicious of postings about them that seem to come from friends.
- Do I trust the person who posted it? Some people expand their social networking connections by accepting every friend request they get. That is not a good idea. You should not accept requests to connect from people with whom you have no connection. Here’s one way to explain this, particularly if you have kids: Would you invite every one of your social media friends over for dinner? If not, who would you not invite? Should those uninvited guests be friends?
- How likely is this post to be from that person? Hopefully you do know your friends on social media well enough to tell if an update is out of character for them. If you see such a post, question them. Their account might have been hacked, or it could be a fake. (Bear in mind there are more than 70 million fake Facebook accounts out there right now and several million of those are thought to be malicious.)
- Can I get to the linked content through a more trusted channel? If you see a news report on social media that a famous person has died, please check the facts before spreading the story. Phoney news stories are often laced with links that lead you to places you don’t want to go.
The out-of-band strategy
No, I’m not talking about quitting your garage band. The term “out-of-band communication” refers to using one channel of communication to verify what is said in a different channel. Social media is not the only way to communicate. If you have any doubts about anything you see on social media, why not verify it via a different communication channel, like the telephone, or SMS, or email, or even face-to-face? Think of the number of ways you can ask your friend Joe this question: “Hey Joe, did you really post that link to a Justin Bieber video?” If Joe really posted it, you have something to talk about. If he didn’t, then he is probably going to thank you for pointing out someone else is posting on his behalf (hint: he should change his password on that account right away).
If you are suspicious about a news story you see breaking on social media, go to a legitimate news website and see if you can confirm it. Most people I know think it’s a lot smarter to be the person who does not spread stories that are wrong or totally made up. In the long run you’re not going to keep a lot of friends if you get a reputation for always repeating everything without doing some kind of fact checking.
The stay informed strategy
If you use social media a lot it makes sense to stay informed about new developments, particularly in the area of scams. Even if you are not keen on social media yourself but work in IT security–or maybe you are your family’s IT security person, riding herd on kids or elderly parents–it is a good idea to keep your finger on the pulse of social media developments.
One website I find useful for this is Facecrooks. In fact, I subscribe to their updates via email to make sure I don’t miss any (just go to the bottom of the main page to sign up). You can also get updates from the Google Alerts service. Try setting one up for social media scams. That’s how I learned about this article describing kids using Instagram and Snapchat to avoid parental oversight.
Bonus tip: The social media scanner strategy
If all of the above sounds like a lot of mental effort, you’re right. The benefits of social media are many, but exemption from critical thinking is not one of them. However, there is some technology that can help you with this task of weeding out the flaky from the factual: social media scanning. As my colleague Righard Zwienenberg described in some detail last month, a social media scanner can protect you against common scams. He recounts the way the ESET Social Media Scanner flagged a “scandalous” Justin Bieber posting on Facebook that was part of a click-jacking scam (a time-wasting and potentially infectious type of scam we have described before).
The ESET Social Media Scanner is free. I recommend using it if you use Facebook. Even well-informed friends have been known to spread links that really should be banned, not for salacious content but for their infectious and deceptive nature.
By Stephen Cobb
ESET Security Expert