October is Cybersecurity Awareness Month. In this blog post I will teach you how to be safe on social media. Almost everyone has some type of social media account. Kids are not the only ones who need to be safe on social media; adults can be hacked and fall for scams too, especially the older generation, who are not as tech savvy as the younger generation.
Checking Connected apps or games!
Facebook and other social media sites allow you to connect to apps or games. This allows the app creator to get information from your profile that might be useful for the game, but the game or app creator could abuse this feature to mine information. It is a good habit to check on a regular basis which apps are connected to your social media account, especially since you can sometimes connect apps and forget to disconnect them after use. A malicious app or game could steal your profile picture, post on your behalf or gather information from your profile.
Think before posting!
Before posting or commenting on a post, think about whether you want this information to be out on the internet forever. Do not post pictures or information about your vacation. Thieves could use this information to target your house.
You might often see posts like the image below. This information might seem harmless, but it could give hackers the information needed to guess your password or your security questions.
Be careful what you post; the information you post could be used to try to guess your passwords. Do not post images of your plane ticket, or that you will be away from home during the holidays. A simple image of a plane ticket could reveal your sensitive information. Only post images of your vacations when you come back to your house; that way you do not advertise that you're not home.
Be mindful of what is in your images before you post, and make sure there is nothing sensitive in the background. In 2014, the Super Bowl stadium that was hosting the event accidentally broadcast the Wi-Fi password for the stadium. This is a good example of why you should look at what is in the background of images before posting. Speaking of public Wi-Fi, be careful when connecting to it. Do not do anything sensitive on public Wi-Fi, like banking or anything related to cryptocurrency. If you want or need to use open or public Wi-Fi, use a VPN so that the traffic is encrypted; that way your traffic cannot be intercepted.
With cryptocurrencies, you are the bank. You are in charge of your cryptocurrency, and it is up to you to protect it. Be careful about posting how much crypto you own, how you store it, or your wallet addresses. Hackers have been known to target cryptocurrency owners physically. One example is that they might throw a brick through the window of your house, using fear as a weapon so that you hand over your seed. They might even break into your house and tie you up in the hope that you give them the seed or wallet information.
Enable Multi-factor Authentication
Multi-factor Authentication, also known as MFA, is used to protect your account. MFA will require you to authenticate with two different methods. Even if a hacker has your password and username, they would need the MFA code to log in to your account. You might get a text with a six-digit code, or use an app called Google Authenticator to generate a six-digit code before being able to log in. Even if you think your account is not worth securing, I highly suggest doing so, because a hacker could use your account to hack or scam family members or friends. Your reputation or relationships could be affected.
In the modern world, people most likely have multiple emails. You should use certain emails for certain sites. For example, use a certain email for all your banking, PayPal, Venmo or cryptocurrency accounts. Since this email is tied to sensitive accounts, I would use MFA on the email. Use a different email for any sketchy sites, and use the same email for all your social accounts. Again, I would protect your social media accounts with MFA as well.
When choosing a password, stay away from building it from the names of your children or pets, or lyrics from your favorite movie or song. NIST recommends that your password should be at least eight characters long. The password should not include a word that is in the dictionary. If you have a hard time remembering a password, try to memorize a sentence and use the sentence as a passphrase. This is not only easier to remember but is also much more secure. If you cannot remember a password, look into using a password manager. That way you only have to remember one password. Of course, make sure this one password is really, really secure. Use of special characters will make it harder to crack the password. But please do not replace characters like “s” with “$”. Hackers know this trick and will attempt to check those passwords.
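To show why swapping “s” for “$” does not help, here is a small checker that undoes those swaps before looking for dictionary words. It is an added example, not code from the original post; the word list, the substitution table and the function names are constructed for illustration.

```python
# Constructed sample word list; a real check would load a full dictionary
# and a list of known breached passwords.
WORDLIST = {"password", "summer", "dragon", "football", "sunshine", "princess"}

# Common symbol-for-letter swaps that password-guessing tools undo automatically.
LEET = str.maketrans({"$": "s", "5": "s", "@": "a", "4": "a", "0": "o",
                      "1": "l", "!": "i", "3": "e", "7": "t"})

MIN_LENGTH = 8  # minimum length quoted in the post


def normalize(password):
    """Lower-case the password and reverse common symbol-for-letter swaps."""
    return password.lower().translate(LEET)


def find_dictionary_words(password, wordlist=WORDLIST):
    """Return word list entries still visible once the swaps are undone."""
    plain = normalize(password)
    return sorted(word for word in wordlist if word in plain)


def check_password(password):
    """Return a list of problems; an empty list means no rule was broken."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for word in find_dictionary_words(password):
        problems.append(f"contains dictionary word '{word}'")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for candidate in ["Pa$$w0rd!", "$umm3r", "q7#Vx2!mLz9k"]:
        print(candidate, "->", check_password(candidate) or "no problems found")
```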
Every So Often Check Your Social Media Permissions
Every so often, check your social media privacy settings. There might be new options that you can choose to harden your account. Make sure that your posts are shared only with the people you want. I have my settings set to only allow friends to view my posts. Also, do not list your workplace; if you are inclined to list your job, make sure only friends or friends of friends can view it. Do not list your email, phone number or any identifying information on your profile. If you do list your phone number or email, you are likely to get unsolicited emails and phone calls.
Don’t Click Random Links
Before clicking a link, hover over it to see where it goes. Instead of clicking the link, visit the site by typing the URL directly in the browser; that way you can be sure it is not a phishing link. Don’t click links sent by random people, especially if they private messaged you. Accepting private messages from strangers is also a really bad idea. Sometimes scammers will build a rapport with you by talking to you for months, then ask for money or try to get you to invest in some type of scam. Sometimes scammers will create an account with the same name as one of your friends, with the same profile picture and profile information. If you suspect that this is the case, contact your friend using a different method of communication to confirm that it is really them.
I have seen firsthand where a friend’s Facebook account was hacked; the hacked account tagged maybe ten or twelve people, saying they were in a car accident. Once you click the link, it shows the Facebook login page; of course, it is a phishing page. A phishing page looks like the real Facebook login page, but when you enter your login information it sends that information to the hackers. If you entered your password, there is a good chance that they will use your account to keep spreading this scam. If you see a post like this on your page, comment on the post that it is a scam and report it to Facebook.
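The check you do by eye when hovering over a link can be written down as code: read the real hostname and confirm it is the site you expect, not just something that contains its name. This is an added example, not part of the original post; the function names are made up for illustration and the `.example` addresses are constructed samples.

```python
import re
from urllib.parse import urlsplit

# Matches visible link text that itself looks like a web address.
_HOSTLIKE = re.compile(r"(?:https?://)?[a-z0-9.-]+\.[a-z]{2,}(?:/\S*)?", re.I)


def host_of(url):
    """Return the lower-cased hostname the browser would actually connect to."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def belongs_to(url, trusted_domain):
    """True only if the host is the trusted domain itself or a subdomain of it."""
    host = host_of(url)
    trusted = trusted_domain.lower()
    return host == trusted or host.endswith("." + trusted)


def link_is_deceptive(shown_text, href):
    """True when the visible text names one host but the link leads to another."""
    text = shown_text.strip()
    if not _HOSTLIKE.fullmatch(text):
        return False  # plain wording such as "Click here" names no host
    shown = text if "://" in text else "https://" + text
    return host_of(shown) != host_of(href)


if __name__ == "__main__":
    # Constructed sample links: one genuine, one lookalike.
    samples = [
        ("www.facebook.com", "https://www.facebook.com/login"),
        ("www.facebook.com", "https://facebook.com.account-check.example/login"),
    ]
    for shown, href in samples:
        print(href)
        print("  really Facebook:", belongs_to(href, "facebook.com"))
        print("  text and link disagree:", link_is_deceptive(shown, href))
```

The second sample starts with "facebook.com" but the part that counts is the end of the hostname, which is why the check compares the ending rather than searching for the name anywhere in the address.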
Don’t let people tag you!
You can have the best operational security, but you can’t control whether someone tags you in a picture that you do not want on the internet. I would disable the tag feature on your profile. Also, if you have a Twitter (X) account, you should disable comments from people that you do not follow, so you do not have to deal with trolls.