In today’s world, most businesses and not-for-profit organizations have social media accounts. Also, whether these organizations like it or not, employees often access their personal social media accounts using the company’s Internet connection. Therefore, any network cyber security solution must monitor social network usage.
Each social network has its own vulnerabilities, and these vulnerabilities change and evolve over time. While it is not an exhaustive list, the following gives an idea of what organizations and employees may currently encounter on five of the most popular social networks.
Facebook: Phishing for Login Information
Recently, phishers used cloud application platform Heroku to launch a phishing attack through Facebook. Either using fake Facebook statuses or Twitter direct messages, phishers sent out a message that said, “I’m turning off my page if no one comes farward [sic] regarding this.”
After the message was a link that, when clicked, opened up a fake Twitter login page stating users had to input their Twitter login credentials to watch a Twitter video. The original Facebook app page was hosted on Heroku; however, the fake login page was hosted at a completely different data center.
Lesson: Always check for the “https” in front of a URL before you enter any login credentials. The fake Twitter login page did not have this secure URL.
Twitter: More Phishing Via Direct Message
Two common messages phishers have recently sent through direct message have included, “Did you see this pic of you? Lol” and “Have you seen of you? Lol.” Both messages are followed by a link that takes the user to a fake Twitter login page. The page says, “Your session has expired” and then asks for the user’s login and password.
Lesson: In addition to the “https” indicator, look at the login page’s domain name. Instead of having the domain name “twitter.com,” the fake login pages in this attack used domains like “twlilter.com” and “tvitter.com.”
Pinterest: Disguised Malware Links
Pinterest is the fastest-growing social media website. Unfortunately, spammers have also invaded Pinterest and are causing many people to feel unsafe about clicking on some images.
For instance, a spammer may pin a photo to Pinterest with a trusted-looking URL such as “bbc.co.uk.” A redirect then takes the Pinterest user to a spam page and also pins the original fake picture to one of the user’s Pinterest boards. Alternatively, spammers use a link shortener to disguise the malicious link completely.
Lesson: Be cautious about clicking on images with shortened links like “bit.ly” or “t.co.” When you click the image and it expands onto a larger page, hover your cursor over the image and check the full URL before clicking. Checking the full destination first helps you avoid following a “redirect.”
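The Twitter and Pinterest lessons above boil down to three checks on a link before entering credentials: is it served over https, is the domain exactly the one you expect (not a lookalike such as “tvitter.com”), and is it a shortener that hides the real destination. The following added example (not code from the original article) applies those checks to a URL; the trusted-domain allowlist and the shortener list are assumptions chosen for illustration.

```python
"""Apply the article's link-checking lessons to a URL before logging in."""
from urllib.parse import urlparse

# Assumption: the login domains the user actually expects to see.
TRUSTED_DOMAINS = {"twitter.com", "facebook.com", "pinterest.com"}
# Assumption: shorteners that hide the real destination (the article names bit.ly and t.co).
SHORTENERS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_login_link(url: str, trusted=TRUSTED_DOMAINS) -> tuple:
    """Return (verdict, reason) for a link that claims to lead to a login page."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if not host:
        return ("suspicious", "no host name in URL")
    if host in SHORTENERS:
        return ("expand-first", f"{host} is a link shortener; expand it before clicking")
    bare = host[4:] if host.startswith("www.") else host
    # Exact match or a real subdomain of a trusted site (twitter.com.evil.net does not pass).
    for good in trusted:
        if bare == good or bare.endswith("." + good):
            if parsed.scheme != "https":
                return ("suspicious", f"{good} login page served without https")
            return ("ok", f"{good} over https")
    # Lookalike: within two edits of a trusted domain, e.g. tvitter.com or twlilter.com.
    for good in trusted:
        if levenshtein(bare, good) <= 2:
            return ("lookalike", f"{bare} resembles {good}")
    return ("unknown", f"{bare} is not a trusted login domain")


if __name__ == "__main__":
    for link in ("https://twitter.com/login", "http://twlilter.com/login",
                 "https://tvitter.com/session", "https://t.co/abc123"):
        print(link, "->", check_login_link(link))
```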
Instagram: Free Followers
If your Instagram account is set to “private” (and it should be), you receive a notification whenever another Instagram user wants to follow your feed. When you click certain account pages, you may notice a photo posted that says, “Get Free Followers.” If you click on the photo, you are directed to a download page and asked for your email address. The link spreads Android malware that can both launch malicious Web pages and send fake text messages from an Android phone.
Lesson: Mobile devices need antivirus solutions, too. Make sure that you have something that can detect and eliminate mobile malware.
Tumblr: The Tumblr Diet
If you’ve enabled the “Ask” feature on your Tumblr account, don’t answer questions posted by anyone offering you diet information or get-rich-quick schemes. Spammers have been posting comments on “Ask” about “The Tumblr Diet.” If the blogger responds and posts the link into his or her comment feed, then anyone who clicks the link is taken to a spam website offering diet pills. The website contains a small form asking for information like your name, email address, physical address and phone number. When you enter that information, you are then taken to a page requesting credit card information.
Lesson: Some Tumblr users like to answer the spam message with sarcasm, but remember that every answer that you give goes into your feed — where others could click on it. Therefore, delete the spam and skip the diet pills.