Being Safe Online

Social Media

Social media apps and websites collect large amounts of data, such as user posts, which attackers can secretly harvest. This data is then used in social engineering attacks such as:

  • Phishing: Where fake account profiles or web pages are created to impersonate the victim’s friends or business acquaintances, and these are used to send messages containing malicious links or attachments to the victim.
  • Identity theft: Where collected personal information (such as name, birthday, residence, and workplace) is used to impersonate an individual and launch targeted attacks against victims.
  • Account takeovers: Where collected personal information (such as children’s names, birthdates, and anniversary dates) is used to guess passwords and access the victim’s accounts, which can then be used to spread phishing links, spam, and malware through impersonation.

SAFETY TIPS FOR INDIVIDUALS

  • Limit the sharing of personal information, as it can be used by attackers to impersonate you and to guess the answers to your security questions.
  • Choose strong passwords that have at least 8 characters and make those characters a random combination of upper- and lower-case letters, numbers, and special characters (e.g., !, $, or #).
  • Be cautious of friend requests or messages from unknown individuals, especially if they ask for personal information. Always verify identities before trusting someone online.
  • Use privacy settings to control who can see your posts, who can contact you, and what information is shared.
  • Be cautious with links and attachments from unknown sources. Opening these may lead to compromised accounts and/or devices.
  • Monitor account activity and notifications for suspicious logins or unauthorized access attempts. Report any suspicious activity to your service provider immediately.
  • Wait to post on social media if the post reveals that you are not home.
  • Treat QR codes with caution, as malicious codes can redirect you to fraudulent websites.

SAFETY TIPS FOR ORGANIZATIONS

  • Be mindful of what you share online, including on social media profiles, websites, and directories. Remove any unnecessary, exploitable personal information (e.g., phone numbers, email addresses, and job titles).
  • Limit access to official social media accounts to a small group of employees. Use role-based permissions to prevent unauthorized access and ensure content is reviewed before being published.
