How do criminals use social media to steal information?
January 31, 2020
By Doug Kaplan, courtesy of InfoArmor
When you share on social media, do you have an audience in mind? Maybe that photo of your kids helps you connect to faraway relatives, while a shot of you in your old stomping grounds sparks a chat with old college buddies.
Unfortunately, when you think about who’s watching on social, you should also consider cybercriminals.
Fraudsters use social networking platforms to identify victims and steal their personal information. Before you share any meaningful information or even accept a request to connect with someone you don’t know in real life, consider these common ways criminals can manipulate social media.
Social shares lay the groundwork for targeted attacks
There’s a wealth of personal information available on social media. Unfortunately, criminals can use those details to power sophisticated phishing attacks.
The more criminals learn about you, the more they can tailor their approach. And that’s bad news, because highly personalized attacks are more likely to succeed.
For example, if you’ve shared your workplace online — like the 177 million people in the U.S. who are on LinkedIn — a bad actor could use that information to launch a type of phishing attack known as whaling, in which a thief’s attempt to steal credentials or even cash is disguised as a directive from your CEO.
If you’ve shared a particular passion or hobby online, a fraudster could use those details to lure you to a landing page that looks legitimate, but actually installs malware on your computer or steals your credentials.
And if you communicate regularly with friends on social media, a phisher could mine those public conversations, use the details to convincingly pose as your friend, then ask for your log-in information or other sensitive details.
What’s more, bad actors may be monitoring your feed for clues to your password — so make sure yours doesn’t include something easy to guess, like your dog’s name.
Your online activity can lead to crimes in the physical world
Unfortunately, criminals don’t stop at phishing attacks. Some use social media for reconnaissance before planning a crime in the physical world.
That’s why it’s wise to delay vacation posts until after you’ve returned home. When you’re posting in real-time about your two-week honeymoon abroad, you’re also sharing publicly that you’re not home, and won’t be for some time. Burglars can log on to social networks too — and may see your extended trip as an invitation to stage a break-in.
The same idea also applies to daily life. Posting in real time could reveal your regular schedule or your location at any given time. Why not delay Instagram posts or location check-ins by a few hours or even a few days?
As an added bonus, you’ll have more time to make sure your posts aren’t revealing more than you intended — like that family photo taken on the front porch that happens to include your house number.
Be wary of fake accounts — and real ones that have been hijacked
When you’re communicating online, it’s not always easy to confirm that a person is who they say they are.
According to a Pew Research study, 49 percent of social media users say they use the networks to make new friends. But those online friends may actually be fraudsters looking to mine your personal information. One way to reduce this risk is to decline friend requests from people you don’t know in real life.
Still, even close friends and verified public accounts can be hacked. Additionally, any online request that involves sending payments or sharing personal information should be regarded with suspicion, even if it seems to come from a trusted brand, celebrity, or real friend or acquaintance.
Social media best practices
Life in the digital age isn’t without danger — but that’s no reason not to enjoy the internet. When using social media, please follow the guidelines we covered in this post. Here’s a quick recap:
Decline friend requests from people you don’t know in real life
Don’t post in real-time — wait a few hours, or even a few days, before sharing content that reveals your location
Be thoughtful about sharing personal details online
Be wary of requests for sensitive details or payment information, even if they seem to come from a close friend, celebrity, or major corporation
Be cautious when clicking links from your social media feed; hover your mouse over shortened URLs to confirm the real destination
If you’re a PrivacyArmor member, you can log in to the portal to activate key features that provide additional protection. Through social media monitoring, we can keep tabs on social accounts for everyone in the family, watching for vulgarity, threats, explicit content, violence, and cyberbullying. As an exclusive to PrivacyArmor Plus, we monitor for account takeovers that could lead to costly reputation damage.
If you’re a PrivacyArmor member and you opt into dark web monitoring, the bots and human operatives we utilize will regularly scan closed-hacker forums for your compromised credentials. If you’ve fallen prey to a phishing attack and your information lands in the wrong hands, we’ve got your back. We’ll alert you right away if we find your information for sale.
Not sure if you’ve been compromised? PrivacyArmor Plus also provides credit monitoring from all three bureaus, which may make spotting and resolving fraud easier.