With the number and reach of social media platforms increasing every day, it has become normal to post and share many aspects of our lives with friends and followers. However, it is no news that social media platforms aren’t exactly the most secure place to share personal information.
Even seemingly harmless trends and challenges that go viral can be exposing personal data that, if found by the wrong people, can be used for spear phishing or password cyber attacks.
And COVID-19 has brought a drastic spike in cyber attacks, proving that now more than ever, it’s important to be cautious. Knowing that so many workers are moving their offices home, “Hackers are building their marketing list of people that they want to attack, and so they’re using these opportunities to gather all your contacts,” said Cory Carson, CEO of one Del City IT Company.
What Are You Really Giving Away on Social Media?
Most social media challenges don’t come right out and ask you for your mother’s maiden name. But hidden in a list of questions about your childhood may be information on which street you grew up on, your first elementary school, and the town where you were born–all common security challenge questions used by banks and other organizations.
Even photo challenges can lead to revealing specific personal information. You may unthinkingly include the name of your first or current pet in the caption of a pet challenge photo, or a pet’s name might be readable from its collar in the image. Challenges that reminisce on your senior year of high school may give away your school name or mascot, which are also common security questions.
Outside of challenges, if your social media settings are not set to private, anyone on the internet may be able to view places you’ve lived, the profiles of your friends and family, which may give away more information about you, your date of birth, and more.
Cyber Criminals Know How to Use This Information to Their Advantage
If the information you have shared ends up in the hands of cyber criminals, they may be able to use your security questions to reset passwords and block you from your accounts.
Even if they don’t gain information directly relating to security questions, they can use your personal information to spear phish you. This usually comes in the form of an email mimicking a person or organization you trust. So if hackers can learn about where you live, your job, and the organizations and friends you interact with, that can give them ammo to create a phishing attack you’re more likely to fall prey to.
How to Protect Yourself from Social Media-Fueled Cyber Attacks
The first step everyone should take to protect themselves from social media-fueled cyber attacks is to keep accounts set to private. This will limit the access hackers will likely have to your information and allow you to still safely share some things about your life with your friends and family.
If you prefer to keep your profile public to interact with customers or followers, you should never share specific personal information. Even if your account is set to private, the FBI has cautioned against participating in the type of challenges that expose specific personal information.
Another simple strategy for protecting your business and yourself from phishing attacks is using two-factor authentication. With two-factor or multi-factor authentication, even if a hacker gains access to your login credentials, they won’t be able to access your accounts without another factor that only you possess, such as access to an app installed on your phone or a fingerprint scan.
Next time you go to share, consider who could be watching and how much you want your followers to know about you.