
How to protect your social media accounts from Cybercriminals

The social media landscape has changed dramatically in recent years. With the rise of AI technology and automations that connect social media to various AI services, users are experiencing a whole new era of media consumption through their social media accounts.

These changes, however, are not enjoyed only by well-meaning users; they can also be exploited by malicious actors. Attackers who previously relied on classic social engineering or phishing now have AI tools in their arsenal that let them fool users faster and more efficiently.

Why do cybercriminals target social media accounts?


There are many reasons why these bad actors target social media accounts, with a favourite being the Facebook account of an unsuspecting user or business. One reason is to use the account to spread misinformation, or to distribute malware and phishing links to the contacts of the account owner. In severe cases they may steal financial or personal information from their victims. Another extremely common reason is to use the compromised account to perform actions that violate the platform's terms of service, resulting in the account or page being terminated.

When someone gets access to your social media accounts they immediately get access to all your chats, your connected contacts, the social media pages you manage and more. All of this information can be used by the attacker to invade your privacy and potentially expose and harm you as a person or as a business. Properly securing your social media accounts is essential to your overall online privacy.

How to protect your account


One of the most common ways these attackers operate is by impersonating support personnel of the social media platform you are on, trying to extract information from you or to make you click on fake support page links whose sole purpose is to steal your account credentials (or your personal access token). In our article "How to identify and protect against social engineering attacks" we describe some of the basic things you can do to verify the validity of an action someone asks you to perform, whether it arrives as a message, an email or a link.

The general rule of thumb is to always be suspicious and ask yourself: "Was I expecting to hear from this person or support officer?". If the answer is no, dig deeper by following the tips from our previous article.

Never click on a link if you were not expecting to hear from the person in question. Hovering over sender addresses and links and examining the actual email address and destination URL is another good way to evaluate the validity of a message. For example, an email might appear to come from xyz@facebook.com, but hovering over the address reveals that it was actually sent from a different domain unrelated to Facebook. The same applies to links: the visible text of a link can say one thing while the address it points to says another.

Be cautious: attackers might use domains that look similar to the domain name of your social media platform but, when examined properly, have a slight difference or a minor spelling mistake (e.g. facebooc.com or facbook.com). Also watch for the genuine name being used as a subdomain of an unrelated domain, such as facebook.com.some-other-domain.example; the part of the hostname that actually matters is the end, not the beginning.
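As an added illustration (not code from the original article), the following Python script applies the hover-and-inspect checks above automatically: it splits a From: header into its display name and actual address, pulls the real hostname out of a link, and flags lookalike domains by spelling distance, by the legitimate name appearing as a subdomain or in the username part of a URL, and by non-ASCII or punycode labels. The allow-list LEGIT_DOMAINS and all sample messages are constructed for the demonstration, and the two-label rule in registered_domain is a simplification that ignores multi-level suffixes such as co.uk.

```python
"""Check email sender addresses and links against a platform's real domain.

Constructed example: LEGIT_DOMAINS and the sample headers/links below are
made up for the demonstration and are not taken from the article.
"""
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Hypothetical allow-list of the platform's legitimate domains (assumption).
LEGIT_DOMAINS = {"facebook.com", "meta.com"}


def registered_domain(hostname: str) -> str:
    """Last two labels of a hostname: 'm.facebook.com' -> 'facebook.com'.

    Simplification: multi-level public suffixes such as 'co.uk' are ignored.
    """
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one-letter typos like 'facebooc.com'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(hostname: str) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for a hostname."""
    host = hostname.lower().rstrip(".")
    # Non-ASCII or punycode labels are how homoglyph tricks (Cyrillic 'а') hide.
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        return "lookalike"
    domain = registered_domain(host)
    if domain in LEGIT_DOMAINS:
        return "legitimate"
    for legit in LEGIT_DOMAINS:
        name = legit.split(".")[0]
        # Real name used as a label elsewhere: 'facebook.com.verify.example',
        # 'facebook-security.example'.
        if re.search(r"(^|[.-])" + re.escape(name) + r"([.-]|$)", host):
            return "lookalike"
        # Close misspelling of the real name: 'facebooc', 'facbook'.
        if levenshtein(domain.split(".")[0], name) <= 2:
            return "lookalike"
    return "unrelated"


def check_sender(from_header: str) -> dict:
    """Split a From: header into display name and real address, then classify.

    The display name is attacker-controlled text; only the address counts.
    """
    display, address = parseaddr(from_header)
    addr_domain = address.rsplit("@", 1)[-1] if "@" in address else ""
    verdict = classify_domain(addr_domain) if addr_domain else "unrelated"
    # An address-looking display name ("xyz@facebook.com") sent from elsewhere.
    spoofed_display = "@" in display and verdict != "legitimate"
    return {"address": address, "verdict": verdict, "spoofed_display": spoofed_display}


def check_link(url: str) -> dict:
    """Classify the host a link really points to, ignoring its visible text."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    verdict = classify_domain(host)
    # 'http://facebook.com@evil.example/': the real host is after the '@'.
    if parsed.username and classify_domain(parsed.username) != "unrelated":
        verdict = "lookalike"
    return {"host": host, "verdict": verdict}


if __name__ == "__main__":
    # Constructed sample headers and links.
    for hdr in ('Facebook Support <support@facebook.com>',
                '"support@facebook.com" <no-reply@mail-verify.example>',
                'Meta Security <alert@facebooc.com>'):
        print(hdr, "->", check_sender(hdr))
    for link in ("https://www.facebook.com/settings/security",
                 "https://facebook.com.account-review.example/verify",
                 "http://facebook.com@login-check.example/",
                 "https://fаcebook.com/"):   # second letter is Cyrillic 'а'
        print(link, "->", check_link(link))
```

The script only reproduces the manual check the article describes; a "legitimate" verdict still means you should have been expecting the message in the first place.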

Account security measures


Use strong unique passwords

By default you should at the very least have a very strong password that is also unique to each social media platform you use (i.e. do not reuse the same password across your accounts). Avoid using easily guessable information such as birthdays or common words. A password manager makes it practical to keep a different, randomly generated password for every account.

Most social media platforms these days send a warning email when they detect a login from an unusual location or device. If you receive such an email and the login was not yours, take immediate action: change your password to a stronger one and, where the platform offers it, sign out all other active sessions. Apply the same scrutiny to the warning itself as to any other unexpected message, and make the change from the platform's own site or app rather than through a link in the email.

Enable Multi-Factor Authentication (2FA)

Most platforms offer the option to enable 2FA. While this may require you to install an authenticator app on your phone (e.g. Google Authenticator or Microsoft Authenticator), it strongly increases your account's security against password theft. Prefer an authenticator app or a hardware security key over SMS codes, which can be intercepted through SIM swapping.

Even if an attacker has guessed your password, they will still need the one-time code generated on your smartphone, which changes every 30 seconds, in order to log in. Note that this does not make you immune to phishing: a fake login page can ask for the code and relay it to the real site within those 30 seconds, so the rules above about unexpected links still apply.
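To show where that rotating code comes from, here is an added example (not from the original article) implementing the TOTP algorithm that authenticator apps use (RFC 6238 on top of HOTP, RFC 4226), exercised with the RFC's published test secret. The verify function with its one-step tolerance window is a typical server-side design choice and is an assumption of this example, not something the article describes.

```python
"""How an authenticator-app code (TOTP, RFC 6238) is derived and verified.

Added example, not code from the original article. The secret is the RFC 6238
test key; the server-side verify() with a one-step window is an assumed,
common design choice.
"""
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# RFC 6238 test secret ("12345678901234567890" in ASCII), in the base32 form
# that authenticator apps read from the setup key / QR code.
TEST_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
STEP_SECONDS = 30  # authenticator apps rotate the code every 30 seconds


def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over an 8-byte counter, then dynamic truncation."""
    key = base64.b32decode(secret_b32.upper())
    msg = struct.pack(">Q", counter)            # counter as big-endian uint64
    digest = hmac.new(key, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                  # low nibble of last byte picks a window
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32: str, at_time: Optional[float] = None, digits: int = 6) -> str:
    """TOTP: HOTP where the counter is the number of 30-second steps since the epoch."""
    now = time.time() if at_time is None else at_time
    return hotp(secret_b32, int(now // STEP_SECONDS), digits)


def verify(secret_b32: str, submitted: str, at_time: Optional[float] = None,
           window: int = 1) -> bool:
    """Server-side check: accept the current step and +/- `window` steps of clock drift.

    The comparison is constant-time so timing does not leak matching digits.
    """
    now = time.time() if at_time is None else at_time
    counter = int(now // STEP_SECONDS)
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret_b32, counter + delta), submitted):
            return True
    return False


if __name__ == "__main__":
    # RFC 6238 vector: at t=59 (step 1) the 8-digit SHA-1 code is 94287082.
    print(totp(TEST_SECRET_B32, 59, digits=8))
    print(totp(TEST_SECRET_B32, 59))            # 6-digit form of the same step
    # The code a phisher captured at t=59 is useless once the step has moved on.
    print(verify(TEST_SECRET_B32, totp(TEST_SECRET_B32, 59), at_time=59))    # True
    print(verify(TEST_SECRET_B32, totp(TEST_SECRET_B32, 59), at_time=150))   # False
    print(totp(TEST_SECRET_B32))                # live code for the test secret
```

Because the code depends only on the shared secret and the current time, nothing in it ties it to the site you are looking at: that is exactly why a real-time phishing page can relay it, and why the one-step window in verify should stay small.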

Secure your email account

Since your email is usually the recovery channel for your other accounts, make sure the email account itself is also secured with a strong, unique password and 2FA (if available). An attacker who controls your mailbox can reset the password of every account that recovers through it.

Use strong security questions

It may be tempting to use security questions like "What street did you grow up on?" or "What is your mother's maiden name?" because they are simple and easy to remember. But this information may be publicly available on your social media profile, or may already have been stolen in a data breach. Treat your security questions like a second password: use answers that cannot be found online (a random phrase stored in your password manager works well), and never use questions whose answers cybercriminals could look up.


The digital realm demands perpetual vigilance. As technology advances, so do the tactics of those who seek to exploit it. Protecting your online identity is akin to securing your physical home: it requires several measures working together. By implementing the strategies outlined here you put yourself in a strong position to navigate the ever-changing digital landscape. Remember, your digital security rests in your hands, and the time to act is now.

We at GIGAMiT understand the significant risks that social engineering attacks pose to you and your organization and are committed to providing best-practice recommendations for robust security management. Navigating the complex landscape of cybersecurity, especially in today’s environment, can be challenging, but GIGAMiT is here to support your organization every step of the way.

