When the Twitter account of the CEO of the world’s biggest social media network is hacked, you can be certain that social media platforms are ripe for cyberattacks. No amount of cyber planning by Facebook CEO Mark Zuckerberg prevented the hack. Other celebrities and corporate accounts, including Roger Goodell’s NFL Twitter account, have been similarly compromised. Stopping, or at least minimizing, the damage from a hacked social media account begins with understanding the 4 motivations behind a typical hack.
- For the “LULZ”. Some hackers take control of a social media account for no other reason than their ability to derive some enjoyment (in hackerspeak, the “LULZ”) out of their feats. These hacks may not compromise any data, but they are nonetheless annoying and disruptive.
- For forced shares. Hackers access an individual’s or an organization’s followers in a social media network and share seemingly innocuous information with those followers on the premise that the information is coming from a trusted source. When followers click on a shared piece of information, the click installs malware and phishing bots on the follower’s system.
- For forced follows. Hackers invite unsuspecting friends of accounts that they have hacked to follow what appears to be a trusted source but is instead a site that hackers use to garner additional information.
- For information. Individuals and organizations post significant amounts of information on social media about their plans or products and services. Hackers use that information as a lever to gain deeper access into personal data.
A small amount of cyber planning can provide a good first line of defense against social media cybercrimes. Using complex passwords for social media accounts and changing those passwords frequently is a strong start. Refraining from using public Wi-Fi and ignoring links from unknown sources will also protect a social media user against low-level attacks.
More sophisticated attacks will require more advanced cyber planning defenses. Hackers are now utilizing social bots to spread false information and to co-opt social media users into reacting to that information. Hackers can then target the individuals who posted responses to the false information. Organizations monitor social media networks for any postings that might reference them. When they sense an incorrect story that is gaining traction on social media, they can quickly issue rebuttals to minimize any damage. Individual social media users do not have a similar capacity, however, and as a result they need to remain wary of suspicious information that is distributed over social media.
Most security experts recommend that social media users adopt a heightened sense of awareness and mindfulness when posting or responding to information on social networks. This can be as simple as determining whether the information is the type that would likely originate from the source that is distributing it. In 2012, for example, Facebook users began to receive messages informing them that their accounts would be deleted, and that they needed to click on a certain link to maintain the account’s status. When they clicked the link, they were asked to input a credit card number to secure their account. A mindful social media user would understand that a major social network would not request this type of information for this purpose.
The social media cybercrime problem will continue to target individuals and organizations. Organizations that are doing their own cyber planning against these crimes should consider the risks to their reputations and customer bases if their planning fails to stop a major data loss. In that event, cyber protection insurance policies can help an organization recover some of its financial losses from social media cybercrimes and other hacking events.