Social media savvy: privacy settings and security on social platforms

Social media platforms connect us with friends, family, and colleagues but can also be a goldmine for attackers. This blog post looks at the world of social media privacy and security, exploring the potential threats and steps you can take to protect yourself (and your business) from them.

Social media at home and work

Social media plays a big role in both our personal and professional lives. In our personal lives, we use platforms like Facebook, Instagram, and Twitter to stay connected with loved ones, share updates, and follow our interests.

In our work lives, LinkedIn is a go-to for professional networking, while companies use platforms like Twitter and Facebook for marketing and customer service. No matter how we use social media, it’s crucial to understand the potential risks.

The threats you face when using social media

Sharing information online comes with inherent risks. Common threats include:

  • Social engineering: Attackers might try to manipulate you into revealing personal information or clicking on malicious links.
  • Malware: Links or downloads shared on social media can infect your device with malware that steals data or disrupts your system.
  • Phishing scams: Fake accounts or posts might try to trick you into sending money or sharing personal details. In addition, spear phishers will often use social media to gather background information on targets. 
  • Privacy violations: Without carefully calibrated settings, your personal information and online activity could be exposed to unintended audiences.

Social media scams in practice

Operation Dreamjob

In 2023 cybercriminals from the Lazarus group, an alleged North Korean state-sponsored hacking organisation, targeted employees at a Spanish-based aerospace company.

Under the campaign ‘Operation Dreamjob’, the cybercriminals identified employees on LinkedIn, introduced themselves as a recruiter from Meta and commenced a fake recruitment process.

As the victim progressed through the rounds of the ‘recruitment process’, they were asked to demonstrate their competency by downloading and completing a quiz.

In this case, the victim downloaded the quiz using a work computer. Unfortunately, the download contained more than a quiz and the attackers used this to access the company’s critical systems. 

This followed a similar attack by the same group in 2022 which used fake LinkedIn job offers to steal $625 million from the Ronin Network, a blockchain network that powers the popular crypto games Axie Infinity and Axie DAO.

Below is an example of what these attacks typically look like.

A bad romance

In my previous life as a cyber detective, I saw firsthand how cybercriminals frequently harness social media. This ranged from using social media platforms to execute their attacks, like above, to obtaining information from them.

In a previous blog post, I wrote about the case of a business owner who lost thousands of pounds after falling victim to social engineering. In this attack, the cybercriminal used open-source research to find out information about their target – the business owner. The business owner’s use of social media to advertise their business enabled the cybercriminal to locate a business website, mobile number and key information about the business owner that enabled the attacker to go on and effectively build a relationship with the victim.

You can read more about this attack here.

What can you do to protect yourself?

Here are some key steps to take control of your social media privacy and security.

1. Review and adjust privacy settings

Every social media platform offers privacy settings that allow you to control who sees your posts and profile information. Where possible, set everything to ‘private’ or ‘followers only’.

2. Be mindful of what you share

Think twice before sharing personal details like your birthday, address, or phone number. Could this information be used against you?

Don’t click on links or download attachments from unknown senders.

4. Use strong passwords and enable multi-factor authentication

These measures add an extra layer of security to your accounts and prevent you from being the low-hanging fruit cybercriminals target.

6. Be cautious about location-sharing

Consider disabling location sharing on your posts or using it selectively. Also consider what location information is in the backgrounds of your photos, as this too can be used by cybercriminals. 

7. Limit third-party app access

Review and restrict third-party apps’ access to your social media accounts, including add-ons and plug-ins. And, if you need to use these tools, ensure they’re reputable first.

The founding fathers of social media created it with a utopian vision of connectivity. And, although social media has fallen a long way from those halcyon days, that doesn’t mean you can’t use it safely.

By understanding the risks and taking proactive measures, you can create a safer and more secure social media experience. Remember, privacy and security are ongoing processes, so regularly review your settings and stay informed about evolving threats.

Want to know more about the threats facing small businesses? Check out our guide to SMEs and the cost of living crisis. In it, you’ll find insight from real small businesses on the threats they face and practical suggestions for mitigating them.
