Category Archives: Social Media

Social Media Security

This Article From Heimdal Security:

Social media is part of our lives. And many times, when you think about social media, you tend to think of Facebook, Twitter and LinkedIn.

Facebook, for example, spread so much that even our parents, neighbors and distant relatives (even from remote areas of the country) now have a Facebook account.

Since these social platforms are so popular and the distinction between public and private is blurred, these online services attract dangerous elements that are interested in retrieving our sensitive information. And in this point you may become a victim to identity theft and malicious actions from online criminals.

So, how do I balance using social media and keeping confidential information confidential?

  • Facebook
  • Twitter
  • LinkedIn
Protect Your Facebook Account

Since Facebook is probably the biggest and most popular online network right now, I will try to go deeper into this platform’s privacy and security settings and then present shortly 10 additional steps you can follow to stay safe online.

Access your Facebook Settings

To access your Facebook account settings, start by going to the top right corner of your screen and select Settings from the drop-down menu.

Note: Though I can classify actions and steps in security and privacy sections, I believe it is easier for you to follow me, as I take each section and discuss it before I continue to the next, as it appears in the Facebook settings menu.

General Account Settings

By clicking the Settings button, you should see the General Account Settings on the left hand side of the page in the provided sidebar.
In this location you can update your Facebook account password and Download a copy of your Facebook data.
Security Settings 
Let’s continue on the left hand side of the page with the Security Settings.

Login Notifications

This option allows you to opt in to receive Text and Email messages when your account is accessed from an unknown computer or mobile device. This is very useful in case a hacker tries to access your account.

Login Approvals

Turning on this option will require a security code to be generated in order to access the account on a new browser. You have three options:

  • have a security code sent by SMS to your mobile device;
  • generate a security code by Code Generator in your Facebook mobile device app, if you have an Internet connection;
  • pre-generate 10 codes that you can print on a piece of paper and use them when you don’t have your phone with you;

This layer of security is also meant to keep other people from accessing your Facebook account.

Code Generator

This option is used with Login Approvals to create codes that you can use to access your Facebook account from a new browser.

App Passwords

This option helps you create single use passwords to access third party applications on Facebook and keep your main Facebook password safe. When you log out of the application, the password is not saved. To access the third party application again, you will need to generate a new password.

Trusted Contacts

Select close friends to contact if you have any trouble accessing your Facebook account.

Trusted Browsers

This is where you find a list of saved (trusted) web browsers you used to access your Facebook account. You can choose to remove a browser from the list if you don’t use it anymore, let’s say you left your work place and of course, you don’t use the browser in that location anymore.

Where You’re Logged In

This is where you can review your logged-in status and End Activity (terminate the session) on places and devices you don’t recognize.

Deactivate your account

From this place, you can choose to deactivate the Facebook account. This is useful if you know that you won’t be able to access, or you simply don’t want to access, the Facebook account for a period of time. You can reactivate the account at any time.

Privacy Settings

The next section you need to access to improve your overall security is the Privacy Settings area. The settings from this location are meant to help you review basic privacy settings and make sure your profile and the content you shared are viewed by the audience you select.

Who can see my stuff?

Select the audience for your posts. You can choose:

  • Public
  • Friends
  • Friends with Acquaintances
  • Only Me
  • or you can create a Custom audience

I recommend you to set the default sharing option to Friends.

In the same location, you can review your posts and your Facebook activity by using the Activity Log, or limit the audience for your posts in the past.

Who can contact me?

Set who can send you friend requests. If you want to be located by people you used to know in the past, you need to set this to Everyone.

Who can look me up?

In this place, you can choose if you want to be looked up by people using your e-mail address or your phone number. At the same time, you can select if you want search engines to send someone looking for your name to your Facebook timeline.

This is an important privacy setting that you should consider, since your Facebook timeline will appear in search engine results if someone searches for your name.

Timeline and Tagging Settings

This place allows you to set other privacy settings for your Facebook account. You can choose who can add things to your timelinewho can see posts you share on your timeline and how to manage tagging options.

Who can add things to my timeline?

This one is pretty straight forward. You can choose to allow friends posting on your timeline and review a post you are tagged in, before it appears online.

Who can see things on my timeline?

Use this option to check what other people have access to on your timeline. You can select a single person and view how he or she views your timeline. You can also select who can see posts you have been tagged in on your timeline and choose who can see what others post on your timeline. In the last two cases, you should set these options to Friends.

How can I manage tags people add and tagging suggestions?

Turning on this option, you will be able to check the tags friends add to your photos before they appear. It is an important privacy option because if someone adds a tag to one of your posts, his/her entire list of friends will see your specific post.

Blocking

In the Blocking tab you can restrict the way in which other Facebook users, Facebook applications or pages interact with you.

Restricted List

This list is useful when you want to restrict a friend from seeing the posts you share on your timeline for other friends. Nevertheless, that person can still see content you make public.

Block users

Users you add to this list cannot see your Facebook profile, send you invitations, add you as a friend or start a conversation with you. Use this option to add a friend whose account has been hacked. In the same Blocking tab, you have the option to block app invites or event invites from someone, block apps and Facebook pages.

Mobile

This is probably one of the most important security settings you can set to your Facebook profile.

To enable Login Approvals, you need to enter a mobile phone number here. In case your browser is not recognized, you will receive a code via text message to log in to your Facebook account.

Apps

Most of us use third party applications on Facebook, applications which usually ask permission to access our content and private data.

In this location you can see exactly what each third party app has access to and you can choose to remove it from the list, in case you don’t use it anymore or you have discovered you are dealing with a suspicious app.

Ads

Do you want to allow third party sites access to your personal information?

Do you want Facebook telling your friends what you like? If you want to opt-out from these two options, simply select No one to these two options.

The third option, Ads based on your use of websites or apps off Facebook, let’s you opt out of ads that are selected for you by Facebook, based on your behavior on a particular website. We all searched for a hotel on a website and we were amazed to see on our Facebook page an ad for that hotel.

10 tips and tricks for increasing your Facebook security

1. Don’t accept friend requests from unknown people. One of the favorite methods used by online scammers to collect private data and sensitive information from users is by creating fake Facebook profiles. Make sure you and your children pay attention to this possible privacy threat.

2. Do not disclose your personal details and your Facebook credentials (e-mail address, phone number and password) to other users. This information can be used by cyber-criminals to access your personal data.

3. Keep your browser up-to-date with the latest available patches. Your browser and other software on your system, not to forget the operating system, should have the latest patches installed. Stay safe and don’t expose your system to cyber-criminal attacks.

4. Use a good security program. You need to rely on a good security software, which includes a real-time scanning engine. This means that files you download from online locations are analyzed in a very short period of time.

5. Stay safe from phishing attacks. Pay attention to the various messages you receive from unknown users, which ask for your personal data.

6. Don’t use the same password from your Facebook account to other online accounts. If you use the same password in other locations as well, you are vulnerable to a potential hacker attempt that tries to get access to all your accounts.

7. Activate Login Approvals. Though I have already mentioned this step before, I need to emphasize again its importance.

8. Be careful when connecting to free wireless networks from public spaces. Online criminals use these types of unprotected networks to access users’ credentials and steal sensitive data. To limit your exposure, you can use a private browsing session.

9. Don’t click that link! Since social media and in this case, our Facebook profile, is used for spreading and sharing various content, it is also one of the favorite means of carrying malicious links across the Internet.

10. Log out of your Facebook account. This piece of advice is useful when using a public or work computer, which is used by multiple individuals.

Protect your Twitter Account in 10 Steps  

Twitter is one of those popular social media platforms used not only by private individuals, but by large businesses and important names in the IT industry.

Due to its short writing style, it has been related to journalism and even used as a favorite news spreading tool for revolutions and revolts around the world.
To stay safe from malicious attacks targeting social media accounts and prevent online criminals from retrieving private data from us, you need to follow additional steps to keep your Twitter account secure:

1. Create and use a strong password

Yes, I know, it is easy to remember and use a password in multiple online accounts. Maybe using something familiar like your family name or your birthday date seems to be a good idea. But isn’t this exactly the same thing online criminals count on?

To make sure your account is safe from online intrusions, it’s key to create a strong password which includes upper and lower case characters, numbers and symbols, and is over 10 characters long. This way it will be difficult for cyber-criminals to access your Twitter account.

At the same time, don’t use the same password in more than one online account. The reason is easy to guess: if one of your online accounts is hacked, the others will soon follow. By using different passwords, you reduce the potential loss in case your Twitter account is accessed.

2. Use login verification

Login verification is a security option which helps you protect your Twitter account.

It is a form of two-factor authentication, where you’ll be asked to provide a phone number and an e-mail address before you connect to your online account.

This login verification adds a second check, where you have the following 3 options:

  • enter a verification code sent to your phone’s Twitter app
  • enter a text message sent to your phone number
  • enter a photo of a backup code saved on your phone from when you first enrolled in login verification

To activate Login verification, follow these steps:

  1. Access your Twitter account.
  2. Go to the top right corner and click your user image.
  3. Choose Settings from the drop down list.
  4. Click Security and privacy in the left menu.
  5. Select the corresponding option.

 

3. Don’t post private information and do not disclose your location

Don’t let online criminals know where you are and what you’re doing. By default, Twitter is a public network and anyone and see your tweets and can follow you.

If you want to control other people’s follow requests or you want to share your tweets only with your followers, you can make the necessary modification in the Security and privacy area and check Protect my Tweets under the Privacy section.

At the same time, make sure you don’t offer valuable information to cyber-criminals, such as your location. This kind of data becomes very important for a hacker who wants access to your private files or needs to create a persona for you, in order to proceed to identity theft attacks.

To protect your tweets and disable tweets location, follow these steps:

  1. Access your Twitter account.
  2. Go to the top right corner and click your user image.
  3. Choose Settings from the drop down list.
  4. Click Security and privacy in the left menu.
  5. Select the corresponding options.

 

4. Stay safe from phishing attempts

Phishing attempts on Twitter usually start with a direct message you receive from an unknown person who tries to retrieve your Twitter credentials for spamming purposes.

It is a classic phishing attack through which they try to trick you into giving away personal information or private data.

This type of message will provide a link, which sends you to a malicious login page. Don’t reply to this type of e-mail or click the provided link.
At the same time, many of us had that Twitter friend which sent an unusual direct message to all his followers. In this case, that particular account has been hijacked and you should not reply or click any link that it may contain.

5. Use a specialized security solution against spyware threats

Even if you pay attention to phishing attempts and spam campaigns, you still need to keep yourself secured with a safety net. I am talking about a specialized security solution against spyware threats.

To keep your system secured against spyware, use one of the popular anti-spyware products available online. A few security solutions capable of removing spyware from your system are Malwarebytes, Spybot Search and Destroy, Lavasoft’s Ad-Aware, etc.

6. Check what apps can access your Twitter account

Another important way to protect your account is to be cautious when giving access to third-party apps — these services can gain full control of our account.

To make sure your Twitter account is not vulnerable, do not give access to untrusted third party apps. When you give your account credentials to an app, they have complete control and they can take actions which may cause your account to be suspended.

Pay extra attention to apps that promise money or a big number of followers. When in doubt, simply search the Internet for that app’s name before you provide access.

To check permissions apps have to your Twitter account, follow these steps:

  1. Access your Twitter account.
  2. Go to the top right corner and click your user image.
  3. Choose Settings from the drop down list.
  4. Click Apps in the left menu.
  5. Take the necessary steps to allow or revoke access.

7. Make sure you keep your vulnerable apps up-to-date

Security news on software vulnerabilities have appeared lately all over the important security blogs and related IT channels in the industry.
These threats cannot be ignored. Cyber-criminals use software vulnerabilities in our systems and mobile phones apps to take advantage of our private data and use it in identity theft attacks.

Therefore, keeping popular software like Java, Adobe Flash, Adobe Shockwave, Adobe Acrobat Reader, Quicktime up to date is important, but
paying attention to our mobile phones apps is also important and you should always make sure you have the latest updates installed.

8. Use a Virtual Private Network To Hide Your IP Address

One of the favorite methods used by cyber-criminals to steal credentials is to employ wireless sniffers to retrieve data sent over unsecured networks.

To safeguard your social media accounts and protect your online activities, you can use a VPN, that is a Virtual Private Network.

Using a VPN means that you hide your IP address, encrypt your connection and access various web locations in a private environment. This method keeps your sensitive data from cyber-crime, identity theft and phishing attempts. Stay safe online especially when using wireless networks by using a popular VPN like CyberGhost.

9. Secure your browsing habits

Choose your web browser with care and make sure you have made the necessary changes to improve your security and privacy. Vulnerabilities in web browsers are like open doors to hackers, who try to retrieve private data from our systems and from our social media accounts.

To secure our online privacy, follow these guidelines:

  • Secure your web browser from online criminals’ attacks by choosing the latest version for your browser and installing the latest security patches.
  • Read this Ultimate Guide to Secure your online browsing and increase your online security
  • If you access your social media account from an unsafe location, choose a private browsing session in order to remove the browsing history details.

10. Don’t forget to log out from your Twitter account

This security step should be followed if you connect to your account on a public computer. Though you may be used to closing the web browser as soon as you are done with your activity, you should remember to log out from your accounts when you finish your online sessions.

If you don’t do this, especially if you are in a public location, the next person who opens the Twitter account, for example, will access directly our online profile.

Private browsing sessions are also recommended if you want to prevent authentication credentials (or cookies) from being stored.

Protect your LinkedIn Account in 10 Steps

Social media is not all about having fun. Or starting a revolution for that matter.

You may go for Twitter if you want to find out the latest news and choose Facebook to stay up-to-date with your friends’ latest interests.

But when you turn to your LinkedIn account, you need to keep things serious and professional. And this is even more important than on the other less “serious” channels.

LinkedIn can become our vulnerability when dealing with online criminals, since there is more private information shared publicly than on other popular social media accounts. You simply expose and reveal more about ourselves than on our Facebook profile.

Therefore, make sure you follow these 10 steps in order to increase your security when using your LinkedIn online account:

1. Check your current connections to LinkedIn

This option is very useful because it allows you to see which devices you have connected to your LinkedIn account and which sessions are still opened.

This LinkedIn feature can help you if you know you have connected to your LinkedIn account from a publicly shared computer or from a computer in a place you have recently left.

In case you notice you are connected to your online account from an unknown device, choose the option to sign out as soon as possible from that device.
It may be a cyber-criminal trying to retrieve sensitive data from your account and using this private information later on against you in an identity theft attempt.

2. Request an archive of your data

Using this option, you can request LinkedIn to send you an archive of your account data.

It is an important step for your online privacy allowing you to see not only what information you made available online for others, but IP records of your past login connections, recent searches and other details.

3. Who do you connect to?

Connect only to people you know and trust. Adding to your list of connections unknown people, or people you don’t actually know very well, increases the risk of adding online criminals who only want to use your personal information.
Using this professional data, which can be combined with personal information from social media accounts, like Facebook, cyber-criminals attempt to put all this data together before they run an identity theft operation.

Before you know, your online banking accounts’ credentials have been guessed and your money removed without any notice.

We have dedicated lesson 5 to this topic.

4. Let’s keep it private: protect your sensitive information

Online security is connected to privacy. As I mentioned above, private information may be used against you if it comes in the wrong hands. Therefore, you need to pay attention to what you share with others, especially with unknown people you have given access to your LinkedIn profile.

Use the following options to increase your privacy online:

  • Turn on/off your activity broadcasts: If you want to hide from your connections the changes you choose to do on your profile, who you follow or when you make recommendations, choose to uncheck this option.
  • Select who can see your activity feed: To hide your actions on LinkedIn or let only some connections see your actions, select from the drop-down menu: EveryoneYour networkYour connections or Only you.
  • Select what others see when you’ve viewed their profile: You don’t want your connections see that you accessed their LinkedIn profile? Choose to go anonymous using this option.
  • Select who can see your connections: You don’t want to share your list of connections with the others in the list? Use this option to change it to Only you.
  • Edit your public profile: How do other people see you? Did you know you can control your public profile and how you appear on search engines? This is the place where you can make the necessary modifications and what information you choose to make visible online, like your current or past work places, your skills or your education. Choose wisely.

5. Enable Two-Step Verification to block cyber-criminals from accessing your online account

First of all, I need to say that this security measure should be enabled and used for any online account you have, where this option is available. Some of the most popular online accounts allow activating this security step, for example Google, Facebook, yahoo Mail or Dropbox, to name a few.

But what exactly is Two-Step Verification for LinkedIn?

This security option is a form of verification that can be used against identity theft and unauthorized access to your LinkedIn online account.

Activating Two-Step Verification requires that you insert a security code sent to your phone every time you connect from an unknown device. Since most cyber-criminal attacks and identity theft attempts occur from unknown devices, I strongly recommend using this security option.

6. Secure your connection with HTTPS option

Using the same location in the LinkedIn security settings where you enabled Two-Step Verification, you have the option to activate the secure browsing mode.

This security option should be used as an extra protection step against unauthorized access to your browsing sessions and to make sure you are actually connected to your real LinkedIn account.

Most of all, I recommend activating and using this secure browsing option if you access LinkedIn regularly from unsafe or public locations, such as Wi-Fi networks in cafes, airports or hotels. These places are usually favorite locations for online criminals to access and retrieve your online accounts’ credentials for banking websites and other online accounts.

7. Don’t forget to sign out of your online account

This is something I highly recommend, especially after using a publicly shared computer or an unsafe Wi-Fi network. We tend to think that closing the web browser as soon as we are done with our online activity is enough, but you should remember to log out every time you finish your online connection.

If you forget to do this, especially if you are in a public space, any person accessing the browser may be sent directly to your online profile.

At the same time, if you really need to use a computer from a public location and you are not sure about its security settings, I recommend using a “private browsing” session, which prevents your browsing session history and credentials from being preserved.

8. Keep your software up to date

Software vulnerabilities seem to increase each day. Now, they have become one of the main tools used by online criminals to take advantage of our systems.

By not keeping our Windows operating system and our programs up-to-date, you allow online criminals to use these security gaps and gain access to your programs and applications. It is a quite well known fact that vulnerable software applications like Java, Adobe Flash, Adobe Shockwave, Adobe Acrobat Reader, Quicktime are on most people’s computers and are widely used.

Few people in return actually acknowledge these solutions are under threat from cyber-criminals and they should use a dedicated solution to keep them up-to-date.

9. Set a Strong Password for your LinkedIn account

You may notice by now that I recommend more than anything setting a strong password, if you have an online account. So, the same advice is valid here.

Here are a few simple steps you can follow:

  • Use different passwords for different online accounts. In case one of your online accounts is accessed by an IT criminal, at least you know that the other online accounts won’t follow.
  • Make sure your password has over 10 characters.
  • Don’t forget to use capital letters, numbers and symbols.
  • Use a special program to keep your passwords, like LastPass.

Remember lesson 5, when Andra helped you make your passwords hacker-proof?

10. Watch out for phishing messages requesting personal or sensitive information

Phishing is an old tactic used by IT criminals who try to steal your sensitive information and your financial data. For this reason, you should keep an eye, not only on e-mail messages, but also on messages received via your LinkedIn account.

For this reason, always look closely at the received e-mail before you open any attachment or click any link in the message. Do you know the sender or the company who send the message? If you are not sure about their identity, look them up online for more information.

Do they ask you to download and install an application? This is not a good sign of trusting that message. And is there a link you need to follow? Check the link before you click it. Simply hover the mouse over the link to see if it sends you in a legitimate location. To make sure you are going in a good direction, check the suspicious links using a reliable URL checker, such as VirusTotal.