With the continuing rise in the popularity of social media platforms as more people embrace posting personal details of the minutiae of everyday life, hackers are mining their information to commit more fraud.
Fraudsters are becoming increasingly shrewd by diving into social media to capture personal details of their victims and thus compelling companies, banks and other financial institutions to turn to more sophisticated technology to thwart cyber attackers.
While cyber criminals already have basic information such as your mother's maiden last name, consumers are contributing to the efforts of fraudsters who may not need to hack into their accounts to retrieve sensitive financial and personal data.
Too many apps have location tracking built into their software by default. When you post to Facebook, Facebook messenger, Instagram and Swarm, you may not have to avoid geotagging and check-ins “completely, but you should certainly take control of the process,” said Amy Baker, vice president at Wombat Security Technologies, a Pittsburgh, Pa.-based provider of cyber security awareness and training products.
Manage the settings on all your devices and disable the access for the software for applications where you do not want to automatically share your location.
“You should also have a good understanding of how apps use and display this type of data,” she said.
Instagram is a “great” example, because few people are aware that the geotagged images are added to a “Photo Map,” Baker said. This means your followers can focus on the locations where the photos were taken.
Start by disabling the geotagging option in your camera settings and also consider turning off location tracking unless it is for an app which requires this functionality such as navigation.
“Not only will it help conserve battery life, it will give you better control over your privacy,” she said.
“Every Move You Make”
The desire to share details of your vacation or other outings should be resisted, because all the particulars will remain on the Internet for an eternity even if you delete the posts later.
“Though it may seem harmless to share news about an upcoming business trip or to post photos while you’re away on an extended family vacation, you should resist the urge to do so,” said Baker. “Would you walk into a room with 350 people you ‘know’ and shout that you’ll be halfway across the country for the next seven days?”
Learning to have patience is an asset, because it makes your information less valuable to hackers. Waiting to post photos of your vacations means you will not be advertising that you are not home for an extended period of time.
“It’s unfortunate, but scam artists and thieves do use social media to plan their attacks,” she said. “The less inroads you give them, the better. You are also sharing information with people you don’t know very well and that’s why people really need to think about the ramifications of posting certain kinds of personal information.”
Uphold your reputation online and assume that all the information you post “will end up seen by the world such as future employers, colleagues and dates,” Mark Parker, senior product manager at iSheriff, a Redwood City, Calif.-based provider of enterprise cloud security solutions.
Privacy settings do not protect the information you post whatsoever because one of your friends could share the post or take a screenshot of it, he said.
“Think about how many screenshots you have seen of social media activity over the last several months,” Parker said. “A positive online presence can be an asset when seeking employment or business relationships, so maintaining your online reputation should be as important as a good resume.”
Just because it is commonplace to share your birthdate or birthplace, limit the amount of access people have to your personal information, which invites hackers, said Marie White, CEO of Security Mentor, a Pacific Grove, Calif.-based security awareness training provider.
“Even if your account is private, friends may intentionally or unintentionally share your information,” she said. “Accounts can even get hacked, especially for Millennials and Generation Z who grew up sharing information and may not realize that oversharing increases their risk of identity theft.”
The same questions used to identify you when you log into a bank or credit card account can be ones you easily give out unknowingly on social media. Often times the questions ask about your pets’ names, family members or a favorite teacher, said Devin Egan, chief technology officer of LaunchKey, a Las Vegas-based decentralized mobile authentication and authorization platform. “Be careful with the information you post both privately and publicly on Facebook and Twitter,” he said. It will make it easier for an attacker to use that information to do things such as reset passwords and breach your online accounts by accurately guessing the answers to these questions.”
Use Multi-Factor Authentication
The most overlooked and underused security program that is readily available is multi-factor authentication. The major websites and all major social networks offer it because it provides a “great level of protection,” he said. Multi-factor authentication only requires a password and token, so when you login, after entering your credentials normally, there is a prompt to add a random token. The random token is sent to users generally as a text message.
“The benefit to multi-factor authentication is that even if an attacker gained access to your password, they could not log in to your account since they would need the token sent to your device via text message,” Parker said.
Avoid Click Bait
Stop sharing and clicking on click bait, because if “it wasn’t important to you 15 minutes ago, it shouldn’t matter now,” he said. “You don’t really need to know which Star Wars character you are most like.”
The click bait sites are intended to create more traffic so users see more advertising, which increases your risk of being infected with malware which infects your laptop.
Apps Are Often Unsecure
Downloading a social media app on your phone is easy, but determine if it is secure first since recent security research indicates that almost one in five Android apps were malware in disguise, said White.
Review the security and privacy settings of apps, so the amount of information that is shared with the app company and other users is limited, she said.
Create Difficult Passwords
Aside from creating passwords which do not resemble a word from the dictionary, their effectiveness is declining, said Steve Durbin, managing director of the Information Security Forum, a London-based authority on cyber, information security and risk management. A single authentication factor is not dominating the “race to replace the password,” he said. “When choosing alternatives, businesses will want to consider the ease of use for consumers, the strength of the control and the added costs.”