It has been a while, and once again, I want to take a more extensive look at social media threats, and how to improve safety on social media sites.
Be Wary of Unknown Links
Last time I posted, I said to be careful on social networking sites like Facebook. One of the most common ways that cyber criminals are compromising online identities right now is through social networking sites like Facebook. I told you that on these types of sites, if you receive a link or a video that you didn’t know was coming, to contact your friend on Facebook (or other similar sites) and verify that they intended to send it to you. However, the problem is deeper than that. Often when people have their account hijacked, videos or images will get posted to their wall. When you click on these videos, the same kinds of things can occur that take place when you get a malicious video or link in a message. It is important when on social networking sites that if you see a link or a video that links to something that isn’t clearly personal to your friend, you verify that it is safe to click on that link.
Some people have assumed that they could click on the link, and they would still be safe if they didn’t download anything. That often is not the case. Let me explain a little more about what these links do. One recent scam was an Oslo bombing video scam. This scam showed up on Facebook on the 22nd of July, and it took advantage of the recent tragedy in Oslo, Norway. On average, shortly after this scam started, someone was clicking on this “video” about once every second. The way this scam spreads is through “clickjacking.” By clicking on the video, it replicates itself to your wall so that all your friends can see it. If even a few of them click on it, it can spread like wild fire. Clickjacking can also possibly give the malicious individuals behind these campaigns access to your account. These kind of attacks are common on Facebook and Twitter, and might possibly be taking place in Google+ too, though at the moment I have no verified reports of this happening. Due to integration tools for other social media sites, clickjacking has happened through Google+ if you are signed into Facebook or Twitter at the same time. It is also important to note that since this isn’t traditional malware, clickjacking can occur on any operating system regardless of whether you are using Windows, Macs or Linux distros.
Other Malicious Links
As common as clickjacking is, there are also other malicious links on sites that when clicked on, will also ask you to download something. To briefly expand on this, clickjacking generally involves compromising ones online identity or other online information. Links to downloads can serve a variety of purposes, but generally the desired end result is that the user will install malicious software onto their computer, and compromise it. As I’ve said before, unless you were expecting something, do not download anything until you have confirmed with your friend that they intended to send you a download. If you believe that your social networking account has been compromised, change your password right away and contact your social networking site to obtain further advice from them about how you can ensure your account is uncompromised.
Finally my advice from the last post still stands. In general, do not click on any links that you are unfamiliar with, and do not download any attachments that you weren’t expecting. In the very least, confirm that they are legit with the sender. Institutions rarely if ever send attachments. So, if you get an attachment from your bank, promotional company, or some other organization, contact them first to verify that the attachment is legit. If there is ever reasonable doubt that you downloaded an attachment that is not legit, delete it immediately and empty your recycle bin or trash. Be careful out there.