Social Media Sharing

The average person spends over 2 hours a day on social media. This time does not go without some inherent risks!

Hackers are constantly on the prowl for information they can use in malicious attacks, whether it’s stealing your identity, hacking your information online, or getting you to download malware.

Let’s start off with a Social Media scenario to clarify what can really happen when you overshare.

Hacky Hackerman, an evil brute, wants to tap into your iTunes account. He’s got your email address in hand- not hard to obtain. It was marked public on your LinkedIn profile. But hey, you should be ok because you have set up Multi-factor Authentication on iTunes. To log in, Hackerman needs to answer two ‘top secret’ security questions. Let’s see if he can do it…

Question #1: Your mother’s maiden name

Hackerman finds you on Facebook. He looks under your Family and Relationships tab and see’s your mother listed, his lucky day. She has her maiden name and married name as her profile name, you know, so people from high school can still find her.

Question #1: ANSWERED

Question #2: Name of High School Mascot

Hackerman is at it again, quickly finding the answer to this question. On your profile, you attended Fun Times High School in Funtown, IA. He looks up the school and sees a big, goofy clown on the high school’s website…the Fun Time Clowns.

Question #2: ANSWERED

“Well," you’re thinking, “my questions are a little more complicated…like…what was the color, make and model of the first car I owned.” Oops. Remember that fun post game that you played:

You commented: “1992 Green Chevy Malibu, still my favorite car, miss that thing!”

Hackerman had typed your name into the search bar on Facebook and boom, just like that, found all these fun posts you commented on…along with that gem of a security question answer.

Hackerman obtained all of this information in minutes…because you were’nt taking your safety into mind. This was a simple hack, one that could give Hackerman extra information to complete a more dangerous hack towards you, or even lure you into downloading malicious software. This is serious business, so let’s take it seriously!

Here are some tips to keep yourself safe while using social media:

Check your privacy settings. This should be your first line of defense. By default, privacy settings are generally wide open on social media platforms. Do not assume these settings will protect you without some tweaking!

Stop giving out sensitive information! Anything that can identify you should not be shared for the world to see. Think of those security questions above! Personally Identifiable Information (PII) that is shared on social media can get you into a world of trouble, but so can the little things. Ask yourself, “Do I really NEED to share this with people, and what could be the potential risks if I do?”

Turn off geo-tagging and location information. What harm can come from sharing your location? Imagine Hackerman not only likes cybercrime, but also physical burglary! What a troubled fella! Your profile says you live in Somecity, IA but you posted and shared your location in Anothercity, FL. He knows you are a good distance away, and has been eyeballing that new bicycle you posted a picture of two weeks ago. Great time to go to your house and snatch it!

Stop and think before posting or commenting on social media, and ask yourself what the potential risks are of sharing such information, even if you think it isn’t important.

Glossary

Multi-Factor Authentication:

When you sign into your online accounts - a process we call "authentication" - you're proving to the service that you are who you say you are. Traditionally that's been done with a username and a password. Unfortunately, that's not a very good way to do it. Usernames are often easy to discover; sometimes they're just your email address. Since passwords can be hard to remember, people tend to pick simple ones, or use the same password at many different sites.

That's why almost all online services - banks, social media, shopping, etc., have added a way for your accounts to be more secure. You may hear it called "Two-Step Verification" or "Multifactor Authentication" but the good ones all operate off the same principle. When you sign into the account for the first time on a new device or application (like a web browser) you need more than just the username and password. You need a second thing - what we call a second "factor" - to prove who you are.

Personally Identifiable Information (PII):

Personally identifiable information ( PII ) is any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used to deanonymize previously anonymous data is considered PII.