It's common sense to lock your doors or that strongbox where you keep that very rare edition of Action Comics #1, but when it comes to social media, users still don't "like" basic security procedures. From Sarah Palin to The Woz, celebrities and average Joes alike have been victims of social media hacks.
In an infographic on the security firm Veracode's website, staff writer Fergal Glynn sums up the history of malware and viruses on Facebook and Twitter--and it isn't pretty.
It used to be that malware and viruses were picked up via email attachments, file sharing, and visits to certain questionable websites. Yet according to Glynn, more viruses were downloaded via Facebook, Twitter and Google+ than through visits to whitehouse.com.
One virus, Koobface, infected dozens of computers worldwide and netted an estimated $2 million in profits for cybercriminals, many of whom were from St. Petersburg, Russia (Facebook later identified all five cyber thieves).
While Koobface never targeted users' financial information, the names, passwords and contact information it collected were more than enough for the thieves to obtain account numbers. Since then, Koobface has been outshined by several viruses far more vicious and pernicious than Stanislav Avdeyko, Anton Korochenko, or Roman Koturbach ever imagined.
In 2007, Twitter experienced its first hack when users' SMS information (the text messaging software ubiquitous on mobile phones) was compromised. Twitter was hit again by a Trojan hack in 2008, and once more by Koobface in 2009. The spate of hacks caused the social media site to take the dramatic step of banning over 350 passwords in 2010, many with names like '123456', 'killer', and 'xxxxxx'.
Fortunately, there are some tactics that users can use to protect their social media accounts...and themselves.
1) Ditch the easy passwords
According to Veracode, 60% of social media users have only alpha-numeric passwords, and 50% are slang terms and proper names, like 'Richard', 'Jackson', and 'United'.
Don't give the hackers any ammunition. Make your passwords as complex as possible (8 characters or more) and change them every three months, like your toothbrush. If you're working for a government or news organization, share your passwords with only your most trusted colleagues. Spell out the consequences for disclosing them (up to and including termination) and get their assent in writing.
2) Lock your accounts
You wouldn't leave your doors unlocked, would you?
Treat your social media account information the same way. Log out when you're not using your account. Monitor your accounts for possible intrusions, keep a log of them, and if necessary, report them to the site's webmaster or other authority. The more information you have, the better the IT professionals can catch the bad guys (and make your network more secure).
3) Avoid add-ons
That Facebook app is tempting, but it's also a gateway for hackers to access your information. Decline any apps that aren't directly related to your work or profession, and if your Facebook 'friends' are insistent about roping you into the next Farmville fad, stand firm and state why you're not interested. If they don't 'like' the hint, drop them like MySpace.
4) Scan your computer for viruses regularly
If you don't have anti-virus software, get some (we recommend AVG or Hitman Pro, which scans 'the cloud' for malware). Twitter and Facebook are vigilant these days, but no one is perfect--and sometimes viruses get through.
5) Keep your web browser current
Browser providers release updates to protect against viruses. Take advantage of their efforts and update your browser regularly.
6) Use common sense
If something seems too good to be true, it probably is (especially those Cyber Monday deals!). Understand that visiting a website may mean downloading a cookie or software code that not only tracks all of your movements online and slows down your computer, but also tracks and communicates your password information by tracking your keystrokes.
Infographic by Veracode Application Security