Social Media and Malware

Social Media has become wildly popular in recent years. Sites like Facebook, Instagram and Pinterest have millions of users every day. The cybercriminals know that this is a great hunting ground for unsuspecting victims. People need to be aware that not all social media sites are safe or even legitimate.

Social media sites can have infected links. For example, you receive an Instagram picture from a friend. It’s a great picture so you decide to share it by clicking the Facebook “like” button underneath the image. This can be dangerous even if the picture came from a trusted source, it’s a real Facebook button and you are not downloading anything. If you can see the picture, you could have downloaded Malware. If the Facebook “like” link was fake, you also could have inadvertently downloaded Malware.

Malicious software (Malware) can be disguised as a Facebook “Like” button, picture or audio clip. When you click a link or open an attachment, malware can install itself on your device.

Do not include personal information on your social networking profile:

  • Your date of birth, including the year
  • Your phone number
  • Your physical address
  • The name of your high school
  • Your pets name

Users of social media sites were at greater risk of physical and identity theft because of the information they were sharing. If you participate in social networking, you should safeguard your information. Posting your full birthdate and place of birth, phone number, physical address, and any information that could be used to guess your password – such as your mother’s maiden name – could provide fraudsters with information to help them gain access to your financial accounts. So be sure to keep this information safe and update the privacy settings for your profile.

Be careful when you click on a Pinterest "pin" to enter any type of promotion.

Pay close attention to the URL these pins lead to before clicking on them. If the URL doesn’t seem like anything official to you, don’t click it and don’t re-pin it. “Liking” the pin can redirect you to a third party website, have you re-pin the pin or fill in a survey providing personal details. These tricks can install malware or gain access to information about you in order to steal your identity.

Be wary of social network invites

If you receive a message from a friend on Facebook inviting you to join a new social network, you should suspect that the message is fraudulent and contact your friend to verify. Don’t trust that a message is really from who it says the sender is. Hackers can break into accounts and send messages that look like they’re from your friends, but aren’t.

Do not allow access about your contacts

If you join a new social network and receive an offer to enter your email address and password to find out if your contacts are on the network, you should decline the offer and DO NOT allow the social network site access to your email address book. To avoid giving away email addresses of your friends, do not allow social networking services to scan your email address book. The site might use this information to send email messages to everyone in your contact list or even everyone you’ve ever sent an email message to with that email address. Social networking sites should explain that they’re going to do this, but some do not.

DO NOT accept a social media connection request from a stranger even if the person looks honest and knows other people you know

Be selective about who you accept as a friend on a social network. Identity thieves might create fake profiles in order to get information from you. That lack of caution can be extremely costly. Most networking sites contain personal information. When you friend someone, you give them access to that information and that can be used by fraudsters.

Deleting pictures or videos from your social networking sites will NOT permanently remove them from the Internet

You need to contact the support department at the social networking site to make sure they are removed. Assume that everything you put on a social networking site is permanent. Even if you can delete your account, anyone on the Internet can easily print photos or text or save images and videos to a computer.

Do not respond to social media requests

If you receive an e-mail requesting you to update your Facebook, Twitter, LinkedIn, eBay, or PayPal accounts, do NOT click on the link in the email and DO NOT LOGIN and update your account as requested. Before writing your username and password look at the web address in the browser. The fake ones look similar to this: http://k2nxw.com/cgi-bin/login/ or www.paypal5281.com. If you are not sure, log into your real account just like you usually do, by typing the web address in the browser by yourself and not using the links provided.

Use multiple passwords everywhere

It is NOT okay to use the same passwords for social networking sites as long as you use different passwords for home banking type sites. It is correct to use a different password for home banking type sites. However, social networking sites may not have the security of your online financial institution. Therefore using the same password on those sites is like trusting the weakest link in a chain to carry the same weight. Every site has vulnerabilities, plan for them to be exploited.