We call social networking platforms such as Facebook, LinkedIn, Instagram, and Twitter, “social” for a reason. They are based on users forming connections with one another. The connections are based on family ties, friendship, neighborhood, profession, shared beliefs, mutual interests, and similar views. So it’s not surprising many social media users may be under the illusion they are in the company of well-meaning persons. As so many have belatedly found out though, this can have disastrous consequences on their privacy and online security. Email has for years been the primary means of malware propagation, cybercrime, and data leakage. The rise of social media has nevertheless proven too inviting a target for hackers to resist. Social networks have become a key battleground in the fight against malware, cybercrime, and data loss. There are numerous ways criminals execute malware propagation and cyberattacks via social media. Here’s a look at some of the most common.
Attackers may use malware to hijack a social media user’s credentials and impersonate them. Thereafter, they would send out fake messages and requests to the user’s friends, family, and peers. Often, these messages will include an external link that apparently leads to a reputable website but is, in fact, a URL that’ll run malicious code on the user’s computer, tablet, or smartphone.
At other times, the person’s social media connections will be requested for information that they would otherwise only share with their closest friends and family. There are also instances when malware or a hacker relays lewd photos and videos that tarnish the reputation of the hijacked account’s user.
Phishing is the most common avenue of cybercrime and data loss on social media. The attacker creates a fake profile that masquerades a person trusted by the targets.
In one of the more famous such incidents, spies set up a Facebook profile where they masqueraded as the U.S. Navy Admiral James Stavridis. Admiral Stavridis was at the time the Commander of USEUCOM and NATO Europe. He was an avid Facebook user, which is why the deception was so successful. The result was senior military and government officials in the U.S. and Europe becoming friends with the account, thereby exposing their personal photos, phone numbers, family members, email addresses, and movements.
3. Spam-based attacks
Unsolicited email is what comes to mind when we think about spam. But spam is actually any unsolicited message on any platform. On social media, spam comes in the form of chats, wall posts, and comments. Social media spam has proven to be more potent than its email counterpart for three reasons. First, people spend much more time on social platforms than on email. Second, social media spam can be embedded in legitimate conversation. Third, social networks themselves heavily rely on user flagging to identify, delete, and/or block spam.
The messages will contain malicious links or ads that redirect the social media user to malware or phishing sites. Social media spam may be spread through a fake profile that impersonates a well-known individual. That way, the comments, posts, and chats arouse less suspicion.
De-anonymization is a data mining strategy whereby unidentified information is cross-referenced with known and public data to eliminate an individual’s anonymity. Social media networks thrive on data sharing, contact connection, and content searching. This inadvertently makes them a powerful tool for de-anonymization.
For example, a user’s name plus employer information could be run through a Google search that then unearths all the different sites where the individual’s information appears. With that, it’s much easier for the attacker to map out the identity of their target and use it for fraud or a social engineering attack.
5. Befriending a target’s friends
Social media networks have a raft of privacy settings allowing users to control what information is viewable to friends, followers, friends of friends, and the public. For example, Facebook allows one to determine whether their profile, posts, or photos are visible to friends, friends of friends, or everyone. But this doesn’t mean a cybercriminal or stalker can’t find other means of viewing your restricted information.
For example, an attacker can use a fake profile or even their own profile to connect to their target’s friends. This grants them access to their target’s profile information that’s only visible to friends of friends. They could take this further by befriending multiple friends of their target then later send a friend request directly to their target. Seeing how many of their friends they have in common with the requester will dupe the target into accepting the request under the presumption this is someone familiar.
6. Accidental information leakage
Social media is characterized by users sharing and exchanging information with friends, followers, and fans. Unfortunately, not every user understands what data is confidential or the limits of what they should share. Some will divulge details that endanger their own privacy or that of others.
One of the most common ways this happens is health data disclosed during fund-raising appeals run via social media for someone unable to settle a medical bill or in need of urgent surgery. Tagging or enabling location on your posts could also be used by criminals to launch an attack.
7. Cyberstalking and cyberbullying
Cyberstalking and cyberbullying are two of the darkest traits of the Internet. Famous and ordinary people alike may be harassed through social media via monitoring, threats, hate messages, images, solicitation for sex, and identity theft. Women experience a disproportionate amount of social media stalking, but no one is immune.
8. User profiling
User profiling is necessary when running an advertising campaign on social media. There are certainly advantages to doing this. You can zero in on the exact type of user your message would most appeal to. However, profiling has accidentally led to the leaking of user information. For example, when the number of persons targeted by an ad is too small, you could read the analytics and decipher the identity of an individual who’s part of the ad’s audience. Major social media platforms have gone to great lengths to prevent this, but it can still happen.
Social media malware: A headache that can be overcome
Social media has delivered numerous positive outcomes over the last decade. Friendships have been made, businesses flourished, and causes championed. But social media, like any other technology, can be used for ill intent. You can make social networking platforms work for your good if you recognize the risks and take the appropriate action, including tweaking privacy settings and installing reputable antimalware software. Doing that will increase the odds of your social media experience remaining largely positive.
Featured image: Designed by Stories / Freepik