The simplest way for cyber criminals to steal account details is through a phishing attack, which tricks users into giving away their credentials by exploiting the medium’s virality and trusted messaging.
And, while small business users may be looking out for phishing attacks asking for bank account or credit card details, too few are as cautious when entering account details for social networking sites. Attackers know this and are using it to their advantage: it is reported that the number of phishing sites that spoofed social network sites increased 123 percent last year, and we ourselves were the subject of an attack recently.
We asked security specialists Symantec to give us some top tips on how SMEs and their employees, who use social networks both professionally and personally, can protect themselves:
- Check the social networking site’s address – typosquatting sites are often used to attempt to capture user credentials.
- Scrutinise the site’s security certificate to ensure you are logging into legitimate services and look for “HTTPS” in the address.
- Be suspicious of links sent from unknown users and even emails that claim to come from a social networking site, as this is a popular phishing tactic. And, don’t click on links in messages, even direct messages from a known “friend” or “follower,” that seem strange or out of character. A common method used by attackers is to pose as a friend/follower and send messages with links to sites that are infected with malware.
- Install security software on user machines that protects against phishing attacks.
- Use different passwords for each account; that way, even if one account is compromised, the others will stay safe. Passwords or passphrases should be difficult to guess and not in the dictionary. Ideally a combination of upper and lower case letters, numbers, and special characters should be used. And remember to change your passwords regularly.
- Don’t answer yes when prompted to save your password to a computer or browser. Instead, rely on a strong password committed to memory or stored in a dependable password management program. Using a phrase known to you with some combination of characters from the URL is one approach to creating an easily memorable password for each site.
- When the site offers it, use two-factor authentication that requires not only your user name and password, but also a trusted device (like a mobile phone) that can be used to confirm the identity of the account holder.
- Report any suspicious or potentially malicious activity to the social networking site’s administrators.
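
The first two tips (check the address, look for HTTPS) can be partly automated, for instance in a mail filter or web proxy. The Python below is an added example, not code from Symantec or the original article; the trusted-site list, the function names and the edit-distance threshold of 2 are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for this example: list the sites your own staff log in to.
TRUSTED = ("facebook.com", "twitter.com", "linkedin.com")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def check_login_url(url):
    """Return (verdict, reason); verdict is 'ok', 'suspicious' or 'unknown'."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix, so "facebook.com@other.example"
    # is judged by the host the browser would really contact.
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return ("suspicious", "no host name in URL")
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            if parts.scheme != "https":
                return ("suspicious", "trusted site but not HTTPS")
            return ("ok", good)
    # Simplification (assumption): treat the last two labels as the registered
    # domain. Suffixes such as co.uk need a public-suffix list instead.
    registrable = ".".join(host.split(".")[-2:])
    for good in TRUSTED:
        brand = good.split(".")[0]
        if edit_distance(registrable, good) <= 2:
            return ("suspicious", "lookalike of " + good)
        if brand in host:
            return ("suspicious", "brand name " + brand + " inside unrelated host")
    return ("unknown", "not on the trusted list")

if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    for link in ("https://www.facebook.com/login",
                 "http://www.facebook.com/login",
                 "https://faceboook.com/login",
                 "https://twitter.com.account-verify.example/login"):
        print(link, "->", check_login_url(link))
```

A verdict of "ok" only means the host name and scheme match the allowlist; it does not replace inspecting the certificate as described in the second tip.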