kasperskylabSocial media managers are faced with a number of security threats.

According to a survey of Nexgate, a social media security pioneer the biggest security risks of Fortune 100 companies, are unauthorized accounts (for example from fans, employees or for the purpose of protest), incorrect content (malware links, phishing messages or other spam) and account hacks.

Nexgate spent a year on investigating the safety risks for the social media sites of Fortune 100 companies and revealed that these top companies have on average 320 social media accounts in the major social networks. Further, Nexgate revealed that on an average around 40% of all Facebook profiles and 20% of all Twitter accounts are unauthorized and that most common are accounts that advertise free giveaways or bonus points. Social spam increased from 2013 to 2014 by over 650%, coming from over 50,000 different spammers, and incorrect links usually lead to malware or phishing sites.

Considering the alarming data, I am sure you are interested in Kaspersky Labs’ social media tips to close security vulnerabilities, which I found on their blog.

According to Kaspersky, phishing works because it plays on people’s trust: “Facebook is a good example of this. The ubiquitous social media platform has become a very popular tool for phishers in recent years, who have exploited both Facebook’s popularity and people’s fears of losing their personal data, ironically enough to steal people’s data by sending them bogus password reset requests that purport to come from Facebook, but do not.”

This type of attack on personal data usually comes in the form of a fake email or website that looks like it comes from a reputable site, but in fact does not. In Facebook’s case, a user might receive an email that has all of the theming and imagery of a typical message from Facebook, except that this email will tell the user that they need to reset their password and will offer that user a login prompt to do so. The user clicks on the prompt and is directed to a fake webpage that looks like Facebook, where the user enters his/her login and password. Just like that, the phishing attack has succeeded.

“Of course, phishing attacks in the form of Facebook emails are not the only form of phishing – attackers send similar messages that imitate the format of messages from major banks and credit cards in attempts to get access to people’s financial data and online accounts. Whatever web-service is in question, the goal of phishing attacks is always the same – to exploit users’ trust in well-known institutions to get their usernames, emails, passwords or PINs”, the security experts clarified, providing several tips how to avoid phishing attacks:

  1. Never complete a request for personal information that comes in an email.
  2. Only enter personal information on a secure website. You will know a website is secure if the URL begins with ‘https://‘ and if a lock icon appears in the lower right corner of your Internet browser. Click on that lock icon to view the site’s security certificate.
  3. .Look for telltale signs of forgery in emails that request personal information – spelling errors are immediate red flags. If the prompt to a webpage to enter your data has, an URL that is different from the site you expected to be going to, that is a sure sign of a phishing attack.
  4. Do not click on links asking for personal information. Instead, go directly to the site in question by typing the URL into your browser manually.
  5. Make sure your computer’s antivirus suite has phishing protection.
  6. Make sure your web browser, antivirus and all software programs on your computer, are always updated to the latest versions that have the latest security patches.
  7. Report any suspicious messages to your bank or social media platform immediately.

What should I say? Stay tuned & Happy networking!

By Daniela La Marca