It's common sense to lock your doors or that strongbox where
you keep that very rare edition of Action Comics #1, but when it comes to
social media, users still don't "like" basic security procedures. From
Sarah Palin to The Woz, celebrities and average Joes alike have been victims of
social media hacks.
In an infographic on the security firm Veracode's website, staff writer Fergal
Glynn sums up the history of malware and viruses on Facebook and Twitter--and
it isn't pretty.
It used to be that malware and viruses were picked up via
email attachments, file sharing, and visits to certain questionable
websites. Yet according to Glynn,
more viruses were downloaded via Facebook, Twitter and Google+ than through
visits to whitehouse.com.
One virus, Koobface, infected dozens of computers worldwide
and netted an estimated $2 million in profits for cybercriminals, many of whom
were from St. Petersburg, Russia (Facebook later identified all five cyber thieves).
While Koobface never targeted users' financial information,
the names, passwords and contact information were more than enough for the
thieves to obtain account numbers. Since then, Koobface has been outshone by
several viruses far more vicious and pernicious than Stanislav Avdeyko, Anton
Korochenko, or Roman Koturbach ever imagined.
In 2007, Twitter experienced its first hack when users' SMS
information (SMS being the text messaging service ubiquitous on mobile phones)
was hacked. Twitter was hit again by a Trojan hack in 2008, and once more by
Koobface in 2009. The spate of hacks led the
social media site to take the dramatic step of banning over 350
passwords in 2010, many of them like '123456', 'killer', and 'xxxxxx'.
Fortunately, there are some steps that users can take to
protect their social media accounts...and themselves.
1) Ditch the easy passwords
According to Veracode, 60% of social media users have only
alpha-numeric passwords, and 50% are slang terms and proper names, like 'Richard',
'Jackson', and 'United'.
Don't give the hackers any ammunition. Make your passwords
as complex as possible (8 characters or more) and change them every three
months, like your toothbrush. If you're working for a government or news
organization, share your passwords with only your most trusted colleagues. Spell out the consequences for
disclosing them (up to and including termination) and get their assent in
writing.
2) Lock your accounts
You wouldn't leave your doors unlocked, would you?
Treat your social media account information the same way. Log
out when you're not using your account. Monitor your accounts for possible
intrusions, keep a log of them, and, if necessary, report them to the site's
webmaster or other authority. The more information you have, the better the IT
professionals can catch the bad guys (and make your network more secure).
3) Avoid add-ons
That Facebook app is tempting, but it's also a gateway for
hackers to access your information.
Decline any apps that aren't directly related to your work or
profession, and if your Facebook 'friends' are insistent about roping you into
the next Farmville fad, stand firm and state your reasons why you're not
interested. If they don't 'like'
the hint, drop them like MySpace.
4) Scan your computer for viruses regularly
If you don't have anti-virus software, get some (we
recommend AVG or Hitman Pro, which scans 'the cloud' for malware). Twitter and
Facebook are vigilant these days, but no one is perfect--and sometimes viruses
get through.
5) Keep your web browser current
Browser providers release updates to protect against viruses. Take
advantage of their efforts and update your browser regularly.
6) Use common sense
If something seems too good to be true, it probably is
(especially those Cyber Monday deals!). Understand that visiting a website may
mean downloading a cookie or software code that not only tracks all of your
movements online and slows down your computer, but also captures and transmits
your password information by logging your keystrokes.

Infographic by Veracode Application Security