By Ryan B Chan
While cybercrime usually impacts businesses, there is still a significant risk for individuals through social media phishing. While phishing has historically been done via email where users would click links that would expose them to malware, a study by Blackhat found that social media phishing attacks were up to 66 per cent more effective.
“Threat actors will move to more low-hanging fruit. They’ll look for the people who are easier to compromise,” said Scott Banks, a cybersecurity expert.
Phishers will pose as organizations or as ‘real’ individuals and direct message links to public profiles where they can either install malware or find information to compromise your security.
Kyle Baylis’s Instagram account was hacked in late 2020, and he still hasn’t been able to log back in.
“I just find it frustrating that it’s so easy to hack nowadays. And when you do get hacked it’s almost impossible to get your account back.”
Baylis said his hack was unique and new. A friend had messaged him and asked him to resend a link back to her account. As soon as the message was sent, the account was gone. Instagram has yet to help him retrieve his information.
“The problem with social media is that people are obsessed with telling their stories,” said Banks. “Every detail of their life, their history, where they are, what they like, what they don’t like and they are serving up a lot of actionable information to anyone that would want to compromise an account. A lot of the problem comes from the questions provided by malicious actors being able to guess the answers that are used as security questions for your account.”
Major corporations have improved their cybersecurity by switching to Two-Factor Authentication (2FA). This requires users to verify their identity when a log-in attempt is made.
Most people tend to ignore the 2FA option as they find it inconvenient, but some business sectors are catching on to the importance of cybersecurity and are making it mandatory. Finance, health care, defence, law enforcement, and the Canadian government are all requiring employees to use 2FA.
Banks said that most people don’t really know what’s at risk when they’re compromised and that the extent of damage is not just to them, but to their friends and family too. This echoes Baylis’s story since it was a friend’s compromised account that direct messaged him the link that compromised his Instagram.
“Realistically there is no 100 per cent secure mechanism to use. It’s just a matter of what things you can do to reduce the probability of someone being able to compromise your data,” Banks said.
Tips to help you keep your accounts safe, according to Scott Banks
– Create complex passwords
– Don’t reuse passwords
– Don’t click suspicious links, even if it seems like family or friends
– Check your phone for malware
– Check if you’ve been PWNED by seeing if your data was compromised during a data breach.
– Choose a private profile over a public one
– Use two-factor authentication