“Phishing is a type of social engineering where an attacker sends a fraudulent message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious software on the victim’s infrastructure like ransomware.” (Wikipedia)
The most common form of phishing, and one we have all had to deal with, is email phishing. However, cybercriminals have become increasingly aggressive in using this tactic with other mechanisms like social media.
Many Facebook users have experienced an abnormal number of friend requests from bogus user accounts and from friends’ accounts that have been hacked. I’m sure you have seen the social media post “Don’t accept a friend request from me. It’s not me, I’ve been hacked.”
We are going to give you a couple of ways to protect yourself on social media. But first, check out the blog post from toolbox.com that covers in depth how the latest phishing campaign has tricked so many users into giving up their info.
Protecting your social media accounts is not hard, but it can feel inconvenient. First, set up 2-factor authentication on your account. This free service that most social media platforms offer will send you a notification to validate your identity before a successful login can take place. Therefore, even if you have been a victim of a phishing attack or you simply have been hacked and your password has been exposed, you will be notified that someone is trying to log into your account. If this happens, it’s time to change your password.
The second tip is to create a strong password that includes a combination of 12 to 18 upper and lower-case letters, numbers, and special characters. Passwords like “ilovemymom” are easily hackable. However, a password like “!L0v3Mym0m2022*” is a lot stronger. Also, don’t reuse passwords. Using the same password on multiple platforms increases the risk of broader exposure. To keep track of all your passwords, subscribe to a password management tool to keep them all organized and easily accessible.
Lastly, when clicking on ads on any website or social media platform, be aware of what the next step is. For instance, the toolbox.com article states that in the phishing campaigns it covers, after a user clicked on the ad, they would be redirected to a phishing landing page that looks identical to the Facebook login page, requesting the user to log back into Facebook. This is how a phishing campaign on social media can get your login credentials.
A quick tip that I like to implement: if you come across an ad that is relevant and you are interested in the product or service, don’t click on the ad before you google the company and/or product that the ad is highlighting. Do your research, always be aware of what the webpage looks like and of the URL in the address bar, and never put in your credentials unless you are 100% positive it is safe.
To learn how we help businesses stay safe online, check out our page on Managed Services.