Every day, malicious actors prowl social media platforms for potential victims. Here are some cyber-hygiene reminders to keep you safe.

Social networking platforms have become really powerful. The latest figures put the number of social network users worldwide at 4.2 billion, a year-on-year growth of more than 13% (490m new users). In addition, more than 53% of the world’s population are now members of one.

Other than being ubiquitous and addictive, social media platforms are now also known as magnets for cyber threats due to the information that can be mined from or planted in them.

Experts at Check Point Software highlight the different techniques used by threat actors to take over accounts:

  • Fake website: Hackers can set up a fake website that replicates the design of the original, even using a similar-looking URL, making it very difficult for the user to detect the deception. The attacker usually tries to get the victim to click on the fraudulent link, typically via an SMS that appears to come from a well-known brand to inspire confidence in the recipient. The message requests an identity check or alerts them that someone is trying to break into their account, to bait them into entering their personal login details.
  • DNS hijacking: This method consists of impersonating the email address of any trusted social network with the aim of acquiring the victim’s personal data through deception to later be used for malicious purposes. If the cybercriminal manages to acquire a person’s social network data, it can be sold on the Dark Web and used to send mass spam emails or chains of hoaxes or other frauds.
  • Infected router: By distributing malware, hackers can access a victim’s router and modify its DNS settings so that when the victim tries to access a certain website from their browser, they are taken to another website chosen by the attacker. In this way, once again, the criminal has a clear path to acquire all the affected user’s data and use it to their advantage.

In order to stay safe…

  1. Check the URL: Be wary of URL text strings that look similar but are faked. Another detail to look out for is that the website has an SSL Certificate. This technology keeps the Internet connection secure, protects any confidential information that is sent between two systems, and prevents cybercriminals from viewing and modifying any data that is transferred, including information that could be considered personal. It is recognized by the “s” in https:// at the beginning of the URL.
  2. Never click on links: When you receive an email or SMS that appears to come from a social network, it is advisable never to click on the link in case it is malicious. Instead, use a search engine to go to the website of the company concerned to avoid a possible scam.
  3. Mind your password hygiene and information sharing: Information theft is a common goal for cybercriminals. Many people use the same names and passwords on different social media accounts, so stealing data from one gives the attacker the opportunity to do so on the others. Not sharing personal information and not reusing the same password are among the best ways to protect yourself.
  4. Be wary of emails suggesting anything to do with login credentials: Hackers often mine login credentials by sending fake warning emails to panic victims into forgetting all precautions. Once they are tricked into typing-in their user name and password. So, whenever you receive an unsolicited email asking you to change/renew/verify your password or log in urgently to any website, it is essential to NEVER click on the link in the email. If you can verify the message to be legitimate, you can always go directly to the organization’s official website and do whatever is necessary from there.
  5. Pay attention to the language: When an attacker sends an email impersonating a social network, pay special attention to the language used. It is important to look for possible spelling mistakes in emails or on websites, such as finding an “o” where there should be a zero. Misspelled company names are another sign that should set off all the alarm bells.
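
Tips 1 and 5 can be partly automated. The following Python code is an added example, not part of the original article or of Check Point's advice; the allowlist, the substitution table and the sample URLs are constructed assumptions. It flags look-alike hostnames and shows that `https://` on its own does not make a look-alike domain trustworthy, since any domain owner can obtain a certificate.

```python
from urllib.parse import urlsplit

# Assumed allowlist for this example; use the sites you actually log in to.
TRUSTED = ("facebook.com", "instagram.com", "linkedin.com", "twitter.com")

# Common look-alike substitutions: what is typed -> the letter it imitates.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def skeleton(host):
    """Collapse look-alike characters so 'faceb00k' compares equal to 'facebook'."""
    for fake, real in CONFUSABLES.items():
        host = host.replace(fake, real)
    return host


def registrable(host):
    """Last two labels of a hostname (simplification: ignores suffixes like co.uk)."""
    return ".".join(host.split(".")[-2:])


def check_url(url):
    """Return a list of warnings for a link; an empty list means nothing was flagged."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    warnings = []
    if parts.scheme != "https":
        warnings.append("not https")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode hostname")
    domain = registrable(host)
    if domain in TRUSTED:
        return warnings
    for good in TRUSTED:
        brand = good.split(".")[0]
        if skeleton(domain) == skeleton(good):
            # Differs from a trusted domain only by look-alike characters.
            warnings.append(f"look-alike of {good}")
        elif brand in skeleton(host):
            # Brand name appears in the hostname, but the site is someone else's.
            warnings.append(f"uses the name {brand} outside {good}")
    return warnings


if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    for link in ("https://www.facebook.com/login",
                 "https://faceb00k.com/verify",
                 "https://facebook.com.account-check.example/login"):
        print(link, "->", check_url(link) or "nothing flagged")
```

An empty result only means none of these checks fired; a domain that is not on the allowlist is not thereby shown to be safe.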

CybersecAsia thanks Check Point experts for these tips and reminders.