GUEST BLOG – HOW TO STAY SAFE ON SOCIAL MEDIA (PART TWO)
Dorset Police Cyber Protect Officer Chris Conroy takes another look at how social media can be used against us – and what we can do to protect ourselves.
Hello! Chris here again, with part two of the six ways in which social media can be used against us.
Just to refresh your memories, last time we covered my brush with a fairly incompetent cyber criminal, how details can be skimmed from our profiles, how scammers try to befriend us, and how social media can be used to distribute malware.
This time round, we’ll take a look at three more ways people can get their hands on our information… even information we thought was gone forever…
So, without further ado, let’s jump back in with number four.
4) Malicious apps:
You may remember 2018’s Cambridge Analytica scandal. It rocked Facebook and, for a very short amount of time, made people more aware of how their data could be misused. The issue stemmed from information being collected by apps and games within Facebook, and used to target users with adverts and information relating to political issues.
This is one borderline legitimate way in which our information can be taken. After all, with the Cambridge Analytica case, the information was taken from apps which the user had given permission to access and use their data. Admittedly, it might not have been very transparent, but there are some much worse offenders out there.
Have you ever seen those apps that let you see who has blocked you on Instagram? Or one that lets you see which Twitter accounts follow you back? If you’ve ever used one of those applications, you may well have given an unknown third party complete access to your data.
Apps which offer enhanced features - ones not typically available within the social media platform’s own app or website – are quite likely to be fraudulent. These apps make promises of unlocking “hidden features” in order to hook unsuspecting victims, and misuse the permissions we give them to rifle through our personal data.
Be careful when installing third party applications. Take a look at reviews and comments from other users. If an application, or an app developer, doesn’t look particularly trustworthy, assume it is not.
On installation, the app will ask for certain permissions to be granted. Check these thoroughly, and ask yourself why it needs each permission. If it seems like it’s overstepping the mark with what it wants access to, do not grant it. The same goes for mobile apps too. We’ve seen examples where a torch app on a mobile phone wanted access to text messages. It’s been quite some time, and we still haven’t been able to think of a good reason why the app would need that!
5) Compromised friends:
Have you ever been tagged in one of those posts where your friend seems keen to let you know about a really good deal on Ray-Bans? Or the one that’s doing the rounds at the moment, about a miracle weight loss product?
It’s usually pretty clear when a friend has had their account compromised, and it’s often because they’ve clicked on a dodgy link or something along those lines. However, this isn’t always the case. Phishing emails often play a part in taking over a social media account. This then gives the scammer the ability to interact with their victims as if they are one of their trusted friends, colleagues of family members.
A common practice is to reach out to friends and family to ask for money. It could be that they claim their PayPal account is locked, and they need help with a purchase. It could be that they are in a spot of bother on holiday, and need some money to get home.
You can see how this could be effective. After all, no one wants to leave a friend or family member in a bad situation. The problem being, of course, that the money ends up in the scammer’s pocket.
Don’t forget, as I can attest, it’s not just hacked accounts we need to be mindful of. It’s very easy to clone a Facebook account and send messages in someone else’s name.
Take the time to think about any messages you receive, particularly if they are uncharacteristic. If your friend doesn’t usually ask to borrow money, but have just popped up doing exactly that, it could be a sign that something is amiss.
Try to verify any requests through a different medium, for example through a text message or a phone call. It may be that the friend has absolutely no idea what you’re talking about, which is a clear indication that their account has been hacked.
Do not immediately trust any links you receive, even if they come from a trusted contact, particularly if it relates to an offer that’s ‘too good to be true”.
If you suspect an account may have been cloned, check your messages / contacts. This generally affects things like Facebook Messenger, where you don’t have to be in a person’s friends list to message them. If an account appears in your contacts twice, there’s a strong chance it’s been cloned. You can report cloned accounts directly to Facebook in their apps or on the website.
6) Deleted information:
In the immortal words of C Montgomery Burns, of The Simpsons fame…
“Don’t forget, you’re here forever.”
If you post something online you can delete it, you can edit it, you can do whatever you want, but sometimes it will still be there. Somewhere.
Not every social media site will feature in Wayback Machine, but it’s worth bearing in mind. Things you think are long gone may actually be quite easy to retrieve so, if you post anything particularly sensitive, don’t assume the “delete” button will save the day!
We’re going to loop back to the advice we gave for number one here. Think about what you post. Don’t post anything you wouldn’t want a stranger to see! And remember… once you click “post”, it’s out of your hands. You might be able to delete it, you can never guarantee it hasn’t already been hoovered up by the Wayback Machine et al.
And there you have it. Six ways in which social media can be used against us. This list is by no means exhaustive, of course, but covers some of the key issues. Bear these things in mind when you’re out there in cyber space, and you’ll find it a much safer place.
If you want to ensure you’re as safe as possible, make sure you use long, strong, secure and unique passwords for your social media accounts. This will help prevent someone guessing their way in to your account. Password guidance from CyberAware.gov.uk can be found here.
Once you’ve got your passwords in order, make sure you turn on Two Factor Authentication. This acts as a safety net. Even if someone gets your password, they can’t get into your account. Find out more about Two Factor Authentication, including how to activate it, at www.turnon2fa.com.
All this talk of social media has reminded me… we’re on Facebook (www.facebook.com/dorsetpolicecybercrime) and Twitter (www.twitter.com/dp_cybercrime) too! We try to post timely updates and warnings about ongoing scams, and things you might want to be aware of, so head on over and give us a like.
And, as ever, if you’re part of a community group or business, feel free to get in touch. I’m always on hand for cyber security talks, so drop me an email at firstname.lastname@example.org to find out more.
Lastly, we’ve been hard at work putting together a handy guide to some of our favourite cyber resources. If you want to take a look, it can be viewed and downloaded here.
Until next time, stay safe out there.