It has become nearly effortless to find individuals or groups online who share a common characteristic and to connect with them. According to Merriam-Webster, a social network is defined as “a network of individuals (such as friends, acquaintances, and coworkers) connected by interpersonal relationships.” This social network connection is strengthened through the daily use of social media websites and mobile applications. According to the DATAREPORTAL 2019 report, 3.48 billion people worldwide actively used social media. At this scale, it is rather easy for cybercriminals to mix in with legitimate individuals and groups or to create faux groups and individual accounts. Facebook disabled 2.2 billion fake accounts in the first three months of 2019, according to Facebook’s transparency website.
A large number of fake accounts are connected to bot networks. “Bot” is online shorthand for robot, a software program that can execute predetermined commands with little or no instruction from a programmer. This makes bots, whether fully automated or semi-automated, ideal for social media use. Cybercriminals can set up bots to interact with potential victims on social media platforms to gain trust and steal an individual’s data. This could take the form of a phishing attack on an individual, built on personal information the botnet has collected from a social media profile and ongoing interactions.
Cybercriminals can craft compelling emails or SMS text messages from information that is shared openly on social media sites and applications. For example, an individual recently went on vacation and stayed at hotel XYZ. This information is collected by the bots, along with more generic information from the individual’s social media profile, and passed on to a cybercriminal ready to enact a criminal scheme. The cybercriminal contacts the individual by phone, spoofing the hotel’s phone number, and says the individual has won a free 4-night stay to be redeemed anytime in the next 6 months. All the individual needs to do is verify information the hotel has on file from the last stay, after which the hotel will send a confirmation link valid for 24 hours to the individual’s email address. These steps are intended to build trust, but the genesis is the bot monitoring an individual’s social media account.
Individuals can protect themselves by following rules of behavior that disrupt the patterns cybercriminals attempt to utilize:
- Set the account to private or invisible. This will shield the page and any post from public viewing.
- Do not accept a friend request from individuals or groups with whom you have not initiated contact.
- Keep specific information about yourself and your family off social media. Posting a birthday gives cybercriminals one more piece of information they did not have before.
- Disable location services that allow anyone to see where you are at any given time.
- Do not click on ads on social media sites.
- Enable multi-factor authentication if the social media site or application supports it.
More information can be read at the Cybersecurity and Infrastructure Security Agency site on avoiding social engineering and phishing attacks (ST04-014), as well as staying safe on social networking sites (ST06-003).
Bookmark the Alabama Cybersecurity website to stay informed on the latest issues and useful tips to stay safe online.