People use social media for many reasons, including keeping up with old friends, growing a personal brand, sending goofy images to friends, and discussing the news. More recently, however, social platforms are being weaponized for social media cyber attacks.
The state of social media safety
In 2016, security company RSA released a report about cybercriminals on social media. It tracked more than 500 social media groups dedicated to fraud with more than 220,000 members. RSA found that these “fraud-dedicated” groups are trading and selling stolen credit card information, account credentials, and personally identifiable information (PII) in a way that is public, visible, and open to all. Through channels like Facebook groups and internet forums, fraudsters are actively communicating, advertising their services, and transacting on social media. Unfortunately, these abuses weren’t just a passing fad.
Over the past three years, RSA has continued to track the spread and evolution of social media cyber attacks. In its most recent report, the firm found that the situation is getting worse. Social media attacks increased by 43 percent in 2018, and cyber criminals earn nearly $3.25 billion annually by operating on popular social platforms.
People who are active on Facebook, Instagram, and Snapchat are 30 percent more likely to become victims of fraud due to their increased exposure and information sharing. Given that there are 3.2 billion daily active users of social media, according to Emarsys, that puts about 42 percent of the population at risk.
In the current climate, it’s essential that individuals take steps to protect themselves from the risks of social media cyber attacks. This is particularly true when it comes to mobile app security. The explosion of social media adoption and increased time spent on social platforms has been driven by the proliferation of mobile devices and the availability of mobile internet. Mobile apps (and financial transaction apps specifically) are a critical fraud vector. In mobile fraud, hackers target users via mobile apps to steal personal information, which they can then exploit and sell.
In a 2018 report on the subject, RSA discovered that fraudulent transactions originating from mobile apps increased more than sixfold in only three years, from 5 percent in 2015 to 39 percent in 2018. Mobile channels tend to be less protected than desktop channels because low-friction UX is so prized among mobile device and app makers. Unfortunately, this dearth of mobile app security protections leaves users vulnerable to attack.
To account for these threats, here are four ways you and your colleagues can protect yourselves from the risks of social media and mobile fraud.
Don’t get phished
Social media cyber attacks are often waged via phishing. Mobile phishing attacks can occur in a variety of ways, from email to gaming apps to sports and weather services to SMS. The best way to prevent phishing attacks is through education, as people have to know the signs of phishing attacks so they can avoid them. Signs of phishing attacks include emails asking for personal credentials, requests for access to sensitive information, email addresses with unfamiliar domain names, intimidating or time-sensitive requests, impersonal greetings, spelling or grammatical errors, and subtle changes in email look and feel.
Fraudsters also use malicious links to deploy financial trojans, malware, and ransomware. Link safety is a key part of mobile app security and avoiding social media cyber attacks. Users should always be careful about what links they click on, whether they’re from social media posts, videos, advertisements, or offers. Don’t click on something unless you know who put it up and where it leads. Also, look at the larger context. For instance, does the link go to a legitimate site? Is the URL jumbled and longer than it should be? Is it shortened to conceal the real destination? Hackers can use URL encoding to hide red flags, so examine the full URL before clicking.
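The link checks described above can be automated for triage. The following Python sketch is an added example, not part of the original article: it decodes a URL fully before display and flags shortened, overlong, needlessly encoded, and off-domain links. The shortener list, the 100-character threshold, and the function names are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed, illustrative values; tune both for your own environment.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "ow.ly", "is.gd"}
MAX_LEN = 100  # assumed cut-off for "longer than it should be"

PCT = re.compile(r"%([0-9A-Fa-f]{2})")
UNRESERVED = re.compile(r"[A-Za-z0-9._~-]")  # RFC 3986: never needs encoding


def decode_stages(text, limit=5):
    """Return the text after each percent-decoding pass, so that
    double-encoded content is exposed as well."""
    stages = [text]
    for _ in range(limit):
        decoded = unquote(stages[-1])
        if decoded == stages[-1]:
            break
        stages.append(decoded)
    return stages


def hides_plain_chars(text):
    """True if a %XX sequence encodes a letter, digit or '.', '_', '~', '-'.
    Encoding these serves no purpose except to obscure what the URL says."""
    return any(UNRESERVED.fullmatch(chr(int(h, 16))) for h in PCT.findall(text))


def inspect_link(url, expected_domain=None):
    """Return (fully decoded URL, list of red flags) for one link."""
    url = url.strip()
    stages = decode_stages(url)
    host = decode_stages(urlsplit(url).hostname or "")[-1].lower()
    flags = []
    if host in SHORTENERS:
        flags.append("shortened")          # real destination is concealed
    if len(url) > MAX_LEN:
        flags.append("long")
    if any(hides_plain_chars(s) for s in stages):
        flags.append("needless-encoding")  # encoding used to hide text
    if expected_domain and host != expected_domain \
            and not host.endswith("." + expected_domain):
        flags.append("domain-mismatch")    # not the site the message claims
    return stages[-1], flags
```

A link with no flags is not thereby proven safe; the flags only prioritize which links deserve a closer look before anyone clicks.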
Mobile app due diligence
People tend to click before they think when they are using mobile devices, especially when they are operating in an app store. When it comes to downloading apps, it’s wise to exercise caution. RSA’s research indicates that about one in every 20 fraud attacks is associated with a rogue mobile app. These apps can be found in major app stores and may be disguised as legitimate, but once they are granted access to your phone, they can take over the device and collect the data stored within. Make sure that you verify where each app comes from and understand what kinds of permissions it requires. Keep in mind that reviews can be fake, and try a quick web search in your device’s browser to get a better idea of an app’s legitimacy.
Social media sites and mobile apps are ultimately parts of a larger whole. There are many ways hackers can gain access to your PII to perpetrate fraud—the Internet of Things, for example, can raise security risks—so taking a holistic approach to cyber hygiene is key to protecting your assets.
In addition to the tips outlined above, you can reduce your risk of fraud by investing in devices that come with security features embedded, such as HP printers, which can keep endpoints secure from unauthorized firmware and prevent attempts to communicate with unknown contacts.
In today’s threat environment, no channel is guaranteed to be safe, so it’s critical that you stay on your toes and maintain a healthy skepticism in your online dealings.