How to Protect Social Media Accounts from Being Hacked
An interview with onomy and Kurtis Minder, CEO of GroupSense, discussing how to protect social media accounts from being hacked, how to get your accounts back if they get hacked, and other important online security tips.
Ever receive a notification that someone is trying to access one of your accounts? It’s the type of notification that typically causes your stomach to drop, and these days it’s becoming more common.
Whether you’re on Instagram, Facebook, Twitter, LinkedIn or TikTok, you’ve likely hit “publish” on posts that share major parts of your life, ranging from announcing a new job to sharing sensitive personal information. Not to mention, you’ve also likely got tons of private messages in each of your accounts that you definitely don’t want viewed by anyone’s eyes other than your own.
So how often are social network accounts actually hacked? How can you limit how susceptible your accounts are?
In this article we’re talking to expert Kurtis Minder, CEO of GroupSense, to discuss how you can protect your social media accounts and other online profiles. Minder has over 20 years of information security experience. There are measures you can take to protect your online identity.
Why do hackers target social media accounts?
The main goal of hackers is to establish credibility that they don’t currently have. For example, if your friend reaches out to you versus a stranger, you’re more likely to trust them. Essentially, these hackers are attempting to steal trust in order to get to the next step of their scheme. The next step for most of them is basically a form of phishing.
What is phishing?
Once hackers gain access to a social account or email account, they’ll send a message with a link to your friends or send it wherever they can. If someone else then clicks on that link, any number of things could happen. In the more simplistic attacks, hackers are most likely trying to “credential harvest” or “PII harvest”.
The main goal of phishing is usually to try to get you to sign up for something. They’ll pretend they are your friend — somebody you trust. You may have seen this happening across Instagram profiles with friends posting random stories about how they’ve worked with a crypto investor and made a bunch of money. This is one of the more recent scams going around on the internet. Oftentimes, it might look very legitimate!
The more sophisticated hackers will use things like embedded malware in websites that might actually infect your computer, which can be used for corporate espionage or any number of things.
How you can protect your social media accounts from being hacked
4 ways to protect your accounts from being hacked
When you talk about protection, it comes in several different forms. Here are some of the best ways to protect your accounts according to GroupSense. The more of these protections you add to your profiles, the better. Keep in mind that many of these things may already be built into your accounts, but now is a great time to check on all of them!
1) Use strong passwords
Don’t use a password that you use for other things. If you’re like us, you might have been using the same password of your pet’s name + your favorite number + ! on all of your accounts for the past few years. This is NOT GOOD. If this is you right now, take this as your sign to switch things up!
There are plenty of tools like OnePass and LastPass that can help you protect and manage all of your passwords, because it can get difficult to keep track of them all!
2) Take advantage of 2-factor authentication
Most of the legitimate or more established social media platforms also support multi-factor authentication (MFA). If your accounts aren’t set up with 2-factor authentication yet, you should set this up now. You’ll get a notification of any suspicious activity of anyone trying to log in to your account that you’ll have to verify with another device you own. This is a great way to monitor your accounts.
3) Always read the Terms of Service and look at your privacy settings
Whenever you sign up for almost any web-based service, whether it’s social media or otherwise, there are usually Terms of Service. Some of these new platforms don’t even bother with that. So that means you have no rights as a user. They have access to everything you post, and they could do anything with that data. And you might have seen, for example, that some of the social media platforms were hacked.
Facebook spends tens of millions if not hundreds of millions of dollars a year securing their users’ data. Some of these new ones do not do that. And so you’re also putting yourself and your data at risk by using these newer platforms that aren’t necessarily taking care of you as a user.
4) Check your account’s privacy settings
Inside your account, you might think about things like your own personal privacy in two directions: one, things other people can see, and two, things that the social media platform can see and harvest.
Facebook has a section under settings in privacy that allows you to turn a lot of those things off. Usually they want this information to target you with ads. You’ve probably had a scenario where you suddenly are getting ads for a thing that you were interested in and you’re wondering how they knew that. It’s because they have access to a lot of your data. And you can turn a lot of that off and you can make some of those permanent. So, the privacy part toward the social media provider itself is important.
There’s also privacy for when you post things. So, who can see those things? What happens when too many people can read your personal information without being your friend? Well, they learn a lot about you as an individual, where you go, where you shop, what restaurants you go to, what time you go to the gym, when you go on vacation you post selfies. You don’t want complete strangers having access to that information, especially if they were going to rob you or do something similar, right?
What to do if your social media accounts get hacked
According to Minder, the options you have to recover your accounts depend on the platform. Most of the platforms do have a method of reporting this and locking the account, and most of them are pretty responsive about it. That doesn’t mean you’ll get your account back right away — that might take longer. But you can usually at least report the suspicious activity so that it cannot continue to cause harm until resolved.
GroupSense tells businesses to have a plan before it happens, and this is recommended for individuals as well. You may want to go as far as to draft what you might say to all of your friends and users to warn them should this happen so you can respond in the moment while you’re flustered.
Here’s an example draft you can use:
‘Hey, I believe my account was compromised. I’ve reported it to X social media company. Please do not respond to or click on any links. Or if you receive a message, maybe also report this profile as fraudulent.’
Having a plan to disseminate that message in advance of an attack can alleviate stress and help move the process of retrieving your accounts back along even quicker.
Frequently Asked Questions
Is it safe to link a credit card to a social media account?
According to Minder, it depends on the platform and how their payment system works. Most of them are going to use a separate payment platform system that you’re probably already linking your credit card someplace else to. So it wouldn’t be any different than linking it to Amazon. So logistically, you’re assuming almost the same amount of risk as if you just use it at your online store.
What are some general online security tips?
1. Clean up your online profiles
Make sure you’re posting content that you’d be okay with future employers looking at, because they will look. There’s also something to be said for having NOTHING on your social profiles, which could be seen as negative.
2. Look at your privacy settings
Look at your privacy settings and at what you are posting. For example, LinkedIn is very corporate-focused, so keep it that way. Don’t put your personal stuff or your fun stuff on there. Keep it very professional.
3. Be aware of OpSec
OpSec, or operational security, is something else you’ll want to be conscious of when posting online. For example, especially in the pandemic, one of people’s favorite things to do is, “Hey, I’m working remotely,” right? They go to the coffee shop and they post a selfie. And what else is in that photo? Their computer and the screen and everything that’s on the screen.
In addition to the fact that there might be personal stuff, there also could be corporate data, things like that. You put your company at risk, so this is something everyone should be aware of!
Is it risky to work on public WiFi networks?
Minder says, “There’s certainly high risk. At a minimum, you want to use some sort of VPN or zero trust network access tool, depending on what you have available to you.”
VPNs are extremely inexpensive and they provide an extra layer of encryption between you and the outside world that makes it more difficult for someone on that same wireless network to see your traffic.