Just as typical phishers have figured out how to mimic a legitimate company’s email structure and tone to dupe unsuspecting victims, malicious actors have turned to phishing on social media. Phishers target social media users by sending login alerts to the legitimate user. They then go one step further and send erroneous links to a person’s social media messengers or emails. If you find yourself in this situation, do not click on the link; instead, seek out the legitimate site yourself and check your account from there. When in doubt, it is always safest to go back to the original source.
Social engineering is the psychological manipulation of a person to get them to divulge some sort of private or confidential information. Malicious actors do not always take the “nice” route of trying to trick you; some will try to scare information out of you. These cybercriminals bring social engineering to social media platforms through direct messages with a typically threatening tone. These DMs will demand immediate action, or else. The “or else” can be an empty threat, or it may be a threat to expose private information or pictures. It can also come under the guise of “click this link immediately!” to make a person nervous enough to click without thinking. These links are usually full of malware and other unsavory cyber risks.
We all have that one crazy family member or old high school friend we quickly scroll past on social media because they share too much information with us, but oversharing is more than just an annoyance to other social media users online. Oversharing where you are at all times, in real time, is a major physical risk because people know you are away from your home or at a specific location. Beyond the physical threats that oversharing your location can present, there are risks in sharing personal things that you always think of or that you hold dear, particularly if you do not practice strong password hygiene. For example, if you post that your lucky number is 4, your anniversary is this day, your children’s birthdays are this and that day, and the street you grew up on was Leisure Lane, malicious actors could use this information to try to guess your passwords. While it is common guidance not to use these personal things for password creation, if you do so and you overshare, you’ve created an easily solvable puzzle for the scammers to decipher.
On occasion, we need to log in to our social media accounts again after a long time of not entering our login credentials. However, a cyber attack known as a “false flag” tries to trick the user into entering login credentials by prompting them for such authentication. The prompt asks the victim to update their password; once the unsuspecting user has changed it, the attacker steals that person's username and password and will steal more personal information from that encounter. Users should be wary of any urgent requests from social media sites to reset a password, as this is likely a false flag and not legitimate.