It’s easy to be relaxed and unguarded when roaming around Facebook. But with the rise of malware on social media, you’d better amp up the vigilance.
Facebook, LinkedIn, Twitter, and the like are goldmines of juicy information for crooks.
Once they gather enough personal details from your profile and posts, they can target you with scarily legitimate-sounding email scams. Click a link, and poof! You’re infected with malware.
Or they get their dirty hands on your login credentials for bank, credit-card, and other accounts.
However, you don’t have to stray far from your Facebook or Twitter page to get ambushed. Cyber villains distribute malware through tainted ads, links, and downloadable applications.
And with the skyrocketing popularity of social media among individuals, schools, businesses, and organizations, these abuses are escalating.
Hackers love these platforms, because people tend to be relaxed—if not complacent—when reading, posting, and reacting to information. Users may friend/connect with people they don’t know to build their “tribe,” or they’ll readily interact with strangers.
It’s not uncommon for scammers to create fake profiles so they can engage with—and dupe—unsuspecting victims.
Recently, vulnerabilities in Facebook and LinkedIn allowed the Locky ransomware to embed itself in image and graphic files. Users were warned to avoid clicking on .SVG and even .JPG files transmitted via Facebook Messenger.
Last year, the fraudulent rollout of a Facebook “dislike” button—which appeared in people’s news feeds and encouraged sharing—directed people to two different scam sites. There, visitors were asked to sign up with personal information, giving crooks some juicy private data.
Think Before You Click
Links that appear to come from family members and friends may be a ruse. Swindlers can hack your connections’ accounts and send messages through their profiles or post infected links on their social-media pages.
Make sure the language of the message is “in character.” Is it written and punctuated the way your friend would normally write? Would your mom really send you that crazy cat video? Beware, too, of attachments with weird extensions, like .SVG.
When in doubt, check with the sender before you open anything.
Is It Advertising? Or Malvertising?
Ads infected with malware (malvertising) pepper social-media sites. Since people tend to trust ads they see from “legitimate” companies, they’ll click without hesitation.
That’s when the trouble begins. Clicking on a tainted ad can trigger a malware download or send that person to a website that distributes viruses, ransomware, or other bad stuff.
How can you distinguish legitimate ads from fraudulent varieties? While there’s no foolproof method, steer clear of ads that:
- Look amateurishly designed
- Contain spelling, grammatical, and/or punctuation errors
- Resemble clickbait, e.g., promise miracle cures, seduce with celebrity scandal, or entice with overnight success
- Are inconsistent with your browsing behavior (ads are generally targeted to your interests)
Better yet, don’t click on any ads—even those that appear to come from trustworthy sources. If you see something that interests you, go directly to that company’s web page. Alternatively, use an ad blocker.
Bottom line? Practice safe social media:
- Limit what you share
- Engage with people you know and trust
- Be skeptical of attachments, links, and ads
Of course, it goes (practically) without saying that you should always run strong anti-virus software on your computers/network. That serves as your first line of defense against known malware.
Just as important is user education. All it takes is one misstep to create malware havoc on your system. Share these tips with your staff, students, colleagues, and friends.
Has your school or organization suffered malware attacks? Let us know how you coped in the comments section.