![white-logo.png]](https://www.livingsecurity.com/hs-fs/hubfs/white-logo.png?height=40&name=white-logo.png){kind=logo}
What was the last picture you posted online? Maybe a cute video of your dog in the cone of shame? Or a picture of your kiddos blowing bubbles in the backyard? Either way, we absolutely want to see this explosion of cuteness, but the bad guys do too—and they aren’t there to leave a 👍, a ❤️, or a 🐕. Hackers can use a lot of the information we share online against us, and we make it too easy these days because of social media.
Facebook, Instagram, TikTok, LinkedIn, and whatever else you’re shucking and jiving with this week are great ways to stay connected with your circle. But, unfortunately, cybercriminals like to looky-loo too. So, what can you do to stay safe?
Keep Your Location and Personal Info Hush-Hush
We know you love Snowball; he’s been your frisky friend for years, right? 😺 And he looks so funny with bread on his face. But let’s think about this: do any of your passwords have Snowball’s name in them? What about the answers to your security questions? Uh-oh. We’ve found the first security risk of social media sharing: giving too much away.
Even a basic status update can quickly become oversharing if you use geotagging, or location sharing. For example, posting vacation photos while you’re away is fun but can also let the wrong people know that nobody’s home. You don’t have to be gone for long either—checking in at a local restaurant leaves someone just enough time to break in. It’s best to share these fun memories when you’re back at home.
Sharing your location and other personal information also makes it easier for cybercriminals to craft convincing emails to target you. If you’re regularly checking in at Starbucks on social media, it would be a good bet to send you a phishing email with a $25 gift card or survey link from a fake Starbucks email address. Don’t be an easy target for social engineering; keep your frequent stops private.
When it comes to oversharing on social media, how much is too much? Information like the name of your child’s school, your favorite pet’s name, and your birthday are good examples of information to leave out. Consider what photos to share online and which are better suited as private emails and text messages to friends and family.
Remember: The ‘Delete’ button is a handy tool, but it isn’t completely magic. Chances are that someone still got a peek (or took a screenshot!) before it disappeared. The best way to avoid oversharing online is by following the old adage: less is more.
Reconsider how much information you share online. Otherwise, when it comes time to log in to your trusted apps (like banking, shopping, social media, etc.), you may find a cybercriminal snooping through your files as well.
Hey, Do You Know That Guy?
Like Pokemon cards, friends can be a lot of fun to collect online. 🎵 But you don’t gotta catch ‘em all. 🎵 It can be hard to deny a friend request for a lot of reasons—like maybe you don’t want to seem rude, and you did meet them at that party three years ago—but trust us when we say niceties aren’t worth compromising your security over.
Strangers may want to connect with you on social media to access your friend lists, view your private content, and use this information for some pretty not-awesome things, such as guessing your passwords and security question answers. It’s best to keep your friend lists limited to people that you know and trust.
Don’t accept friend requests from unknown people. Having mutual friends doesn’t necessarily make them safe—and if you don’t have mutual friends, that could be an even bigger red flag. It won’t hurt their feelings if you decline (in fact, chances are they won’t even notice), and it will keep your account safe.
Receiving friend requests from someone already on your friend list can also be a red flag. It’s possible that this new account is a fake one. Double-check that the new account is legit by contacting them through another trusted source (like text or email). If the new account is really your friend, ask if they’re creating a new account because of a security breach. If that’s the case, tell your friend to make sure they changed their password and remind them to turn on two-factor authentication in their settings. And if it’s a fake account, don’t be afraid to hit that “report” button and advise your friend to update their own privacy settings.
Another good rule of thumb is to manage your friend lists at least once a year. Don’t be afraid to go back through and delete people you don’t know very well. Do you really need to see photos of their trip to Cancun anyways? I mean, they didn’t even bring you a T-shirt.
We’ve Caught a Big Problem 🎣
Phishing isn’t just a cool, funky way to spell fishing; it’s actually a really serious cybersecurity threat. Phishing emails and direct messages (DMs) are the most common type: a cybercriminal impersonates a reputable source like a bank, business, or even your employer to gain information, steal money, or spread a virus. Yikes.
As if that wasn’t bad enough, a new type of phishing specific to social media has emerged: angler phishing. This is a specialized attack where cybercriminals impersonate a person or business through fake social media accounts.
This can be anything from a fake business account asking for your email address and phone number to solve a customer service issue, to a fake celebrity account asking for donations or selling products. These accounts aren’t always after your wallet though; they can also be used to spread misinformation about current events, politics, and more.
Have you ever seen someone tag a company on social media to complain about a bad experience? Angler phishers watch for this and then contact those unhappy customers pretending to be the company they've tagged.
Always take the time to verify accounts through the company website, look for that blue verification badge on the social media platform, and avoid clicking on links received in your direct messages or emails.
DMs are the most common point of contact for angler phishing. And if something sounds too good to be true (I'm looking at you, random DM with a $100 gift card) it probably is. Be careful who you follow and always research an account thoroughly to make sure it’s legit before you respond to inquiries.
Tagging Doesn’t Have to Be Forever
Oh boy… your dad is a great guy, but he can’t seem to stop tagging you in embarrassing photos. Even worse, your friends from college tagged you in an old photo—and that’s definitely not water in your hand. 🍺 🍸🥂 What are you supposed to do when your social media feels curated by someone else? It might be time to look at your privacy settings and set up approval notifications for yourself whenever you’re tagged. LET’S START UNTAGGING!
Whether you’re embarrassed, regretful, or just downright uncomfortable about a photo or status that you’ve been tagged in, don’t be afraid to do a little tag removal. Your social media accounts are one of the biggest ways that you present yourself to the world, so you deserve to be fully in control of your image. Remember: your mom, your kids, and your boss can see those accounts. Is this a story you want to tell to any one of them? If the answer is “maybe not,” then it’s time to untag.
It’s totally cool to have a conversation with the tagger about why you’ve removed it from your account, too. Keeping your friends and family aware of your social media standards will save you time and emotional drain in the future.
Lastly, tagging and privacy setting updates aren’t going to remove the photo/video/status from your friend’s profile. If it is something you don’t want public-facing, even on someone else’s account, ask them to take it down. An example of this might be a photo of your vehicle with visible license plate information or the front of your home.
As you think about your tagging standards of excellence, remember this goes both ways. Tag the way you want to be tagged.
To Be Private, Or Not to Be?
Should your account be public or private? The safest answer is to always keep your accounts private to people you don’t know. Boom. Question answered. *drops mic*
But seriously, keeping your personal information as private as possible will help keep you safe. Hide your content from unknown eyes by setting your account security to “only friends can view.” Even pieces of information that seem small can be used by cybercriminals to hack or social engineer the unsuspecting; don’t give them more ammunition!
It’s also a good idea to scroll back in your accounts every once in a while and check the privacy settings of what you’ve posted in the past (and what you’ve been tagged in). Make sure everything is still content you’re proud to share and that it doesn’t give too much away. Is that photo or status a story you’d be happy to share with anyone? If not, it’s time to delete or change those privacy settings.
Scrolling through your accounts is also a good opportunity to back up any photos or videos you love for safekeeping. Save a copy to your phone/computer or send it up to the cloud. Even comments and text posts are easy to save—just take a screenshot! 🤳
Treat Your Passwords Like Unicorns
Believe it or not, the most common passwords in the world are still “password,” “123456,” and “qwerty.” In an effort to nudge users towards more secure passwords, platforms have become more specific in their password requirements by adding minimum characters, numbers, and special characters… so now we see things like “password123!” 🤦♀️ If this sounds like you or someone you know, let’s talk.
We use our social media accounts every day, so keeping our login credentials safe is essential. Change your passwords often; we recommend every six months or more if you suspect a security threat such as a friend hack or data leak. Having the same password for long periods increases your chances of being the victim of a cyber attack.
Treat your passwords like unicorns—they should be rare and powerful. 🦄 Keep your passwords magical by not reusing them across multiple accounts. They might be easy to remember that way, but it puts all of your accounts at greater risk of compromise. After a data leak, cybercriminals plug your stolen password into all of your other accounts to see what sticks (this is called credential stuffing). Don’t let one compromised account become many. If you have too many passwords to remember, download a password manager so that you’re only responsible for remembering one really strong master password.
Lastly, don’t be afraid to get creative when coming up with new passwords. Try using a passphrase that will be hard to forget or a secure password generator to keep those cybercriminals guessing. And don’t forget to enable multi-factor identification on your accounts. That extra step can stop cybercriminals in their steps.
