By Corey Moss
I had originally intended to focus solely on the security aspect concerning social media; however, after recent events, this has become a much wider discussion in terms of the dangers – and they extend to the psychological as well. The AV industry, for one, loves social media; we use it every day to communicate and share ideas (and have some fun as well), and it works very well — until it doesn’t.
The security discussion
First, in the social media world, as usage continues to grow exponentially on an individual as well as company and organizational basis, the conversation of security follows right alongside. According to well-known social media cybersecurity company ZeroFox, social media security is the process of analyzing dynamic social media data in order to protect against security and business threats. It was revealed by the company that at the end of 2016, Facebook had 1.59 billion monthly active users, larger than the population of China. In a single minute of the day, 350,000 tweets are posted to Twitter, 300 hours of video are uploaded to YouTube and users like 1.75 million photos on Instagram.*
For the individual, hacking on social networks doesn’t equate to the types of attacks that we’re normally used to hearing about; it actually requires very little technical skill. It’s more of a psychological game – using information on personal profiles to win a complete stranger’s trust. Social engineering, well-known as a persuasive psychological technique, exploits the weak link. It can be achieved by sending a message that convinces the recipient to click on a link (phishing), or through a higher-level scam in which a spoofed email is constructed to be perceived as coming from a safe, known source, with a link included to click on.
According to a 2016 study commissioned by Agari, which was reported in the Forbes article “Executive Personal Information: The Latest Tool In Corporate Cyberattacks,” some 60% of companies surveyed had been breached by a social engineering attack in the previous year. Figures from the FBI detail $2.3 billion in losses to American companies from email scams alone between late 2013 and early 2016.
In looking at the social network, when creating a profile page, many fail to consider the possible security risks. The more personal and professional information that’s included in the public profile, the easier it is for a hacker to exploit that information to gain trust.
A security advantage of most online social networks is that only “friends” or members of your network can see your complete profile, but it’s only effective if you’re extremely selective about whom you include in your network. If you accept invitations from absolutely everyone, at least one of those people could potentially be a bad actor.
One problem with online social networks is that they have no built-in authentication system to verify that someone is actually who they say they are. Taking LinkedIn as an example, a hacker can create a free profile and design it to match perfectly with the business interests of his or her target. If the person (“the target”) accepts the hacker as a connection, the hacker now has access to information on all of the target’s other connections. With all that information, it’s possible to construct an elaborate identity theft scam. Be careful when considering a connection invite or friend request, or when trying to connect with anyone who could be at all suspicious. In short, check profiles very carefully.
Also be aware that playing the “games,” especially on Facebook, opens more doors to information flow for yourself as well as others connected to you, as some of those who are behind the games are lifting information for their own purposes (as in, they may be selling it). In short, don’t play these games – not even those that are Facebook-based, as we all know how even Facebook can’t be a “trusted” source these days. When “friends” invite you to play a game, it might not be who you think it is.
In February, the Infosecurity article “Social Media Impersonators Run Rampant and Undetected” specified that, along with LinkedIn, Twitter, Facebook and Google+, impersonators are also found on Instagram and YouTube. It was revealed that ZeroFOX analyzed nearly 40,000 identified impersonator profiles to uncover trends over time and commonly observed tactics, techniques and more. It found that tactics used by these types of accounts are devious and diverse, ranging from traditional social engineering ploys to actually paying money to advertise the scam to reap higher rewards.
The psychological discussion
I have been participating on social media – Twitter since 2013; I had returned to LinkedIn in 2012 after being off of that platform for a little while, and Facebook I had already been on all along. Twitter was something that I had to learn and it took a bit to truly leverage it; LinkedIn and Facebook were fairly native, although LinkedIn had changed a bit. Facebook was pretty much friends’ discussion, talking sports, music and such. No business really or anything about politics, just friendly discussions. Sure, there were those that would get a little amped up in discussion; you just chose to continue, or ignore it altogether.
I have enjoyed Twitter immensely ever since I began using it. I’m not a viral follower, never have been. As with LinkedIn, I’m fairly measured in terms of who I connect with, and I actually disassociated with many connections on LinkedIn who I found to be problematic in their discussions. I haven’t found that to be the case much with Twitter; however, there have been those that required an unfollow.
Facebook, which used to be a wonderful place to be able to talk and share about common subjects (again sports, music), has at times now become a diatribe-filled atmosphere of nonsense, much of which began in 2016 with the presidential election. I’m one who has never liked talking politics; however, even I was dragged into engaging in this mess, at times with family too. I will admit to disconnecting from a lot of people, family as well, as such conversations continue to become poisonous. There are those who stay away from the fray, and good for them. For those who do engage, as had happened recently in a meme/GIF diatribe-filled engagement on my FB page that many witnessed, the psychological effect that this bears knows no bounds. People have been driven to utter distraction as a result, and I for one am putting a stop to my engagements on all platforms – they will no longer continue. In fact, I have set up a new Facebook page where this will no longer occur.
Thank you all for taking the time to read this – the security portion is important for all who participate on the main social media outlets to know, the psychological is important for all to be highly aware of.
*ZeroFox: What Is Social Media Security? (includes whitepaper download).
I check what I consider to be suspect files and URLs here.
With over 20 years in audio visual integration and IT/computer sales and consulting, Corey Moss is the owner of Convergent AV. Corey writes for the publication and hosts/produces podcasts – The AV Life, Convergent Tech Talk and Making a Marketer. He has written for numerous industry publications about AV, IT, unified communications and collaboration (UCC), cloud and software, IoT, cybersecurity and more. He has also conducted interviews with AV and IT executives and global influencers.