Social media and digital identity. Prevention and incident response

The hack of a social media account is a common incident that can have a serious impact on our digital identity. How can we prevent it? What should we do if an account is hacked?

Social media, cloud computing and mobile are the technologies that most attract cybercriminals due to their high penetration; by exploiting these channels, attackers can access a huge amount of data belonging to a wide audience. Almost every netizen has one or more social media accounts, and these accounts have often been hacked.

The 2013 Norton Report confirmed that social media are considered a relevant source of problems due to the risky behavior of users: 12% of users revealed that someone has hacked their account. The report shows that in 39% of cases users don’t log out after each session, 25% share social media credentials, and one in three accept requests from unknown people.

These risky practices are very dangerous and can be considered the primary cause of the increase in cyber attacks; on the other side, cyber criminals are adopting ever more sophisticated hacking techniques.

Cybercrime and cyber espionage are the primary cause of attacks against social media platforms; one of the most blatant was the attack on Facebook against the account of NATO’s most senior commander.

Hackers can compromise a social media account in various ways: they can use malware, conduct a spear phishing campaign, compromise a third-party application, or use other social engineering techniques.

A few hours ago the social sharing service Buffer was the victim of a cyber attack that caused the abuse of numerous social network accounts belonging to unaware users.

I’ve written many articles in the past to explain how to protect our digital exposure on social media, managing with care what we disclose on these powerful platforms, and how to avoid ugly surprises.

How to discover that a social media account has been compromised, and what to do?

In some cases it is quite easy to discover that a social media account has been compromised, because the hackers immediately abuse it by sending out messages to the victim’s network of contacts. In other cases this does not happen and the attack is more insidious, because attackers can maintain control of the account for a long time and operate in stealth mode. The signals that indicate an account has been compromised are:

  • Unexpected communications from the social network informing users of operations they never undertook, such as an email address change or changes to profile settings (e.g. picture, privacy settings).
  • Automated likes, follows/unfollows or friend requests.
  • Private messages sent to contacts within the victim’s network.
  • Addition or purchase of new apps and games never requested.
  • Status updates/tweets that the user never made.

What can you do to avoid being compromised or exploited?

  1. Actively manage your privacy settings
  2. Don’t accept friend requests from random people. Share your data with fewer people, and only those that you really do know. Confirm with your friend via SMS / phone, before accepting online. Actually know the people you are befriending! Follow up any flagged concerns you may have about a friend’s online behavior – they may not be who you think they are, or their account may have been compromised.
  3. Be careful before clicking a URL generated by a link-shortening tool (e.g. Bit.ly); it can be useful to expand the URL with tools like LongURL and evaluate whether it is a legitimate link.
  4. Think before you click. Never click on suspicious links. Just because they “purportedly” came from a friend or organization you know, does not make them safe. Report any abuse to the network service provider. You will be helping others be safer as well.
  5. Never enter your username/password on a site that is not using the URL of your social network provider.
  6. Always update your browsers and anti-virus to the latest versions as they can protect against phishing and other attacks.
  7. Clear and delete old social network accounts. Over time you stop using accounts for one reason or another. Make sure the social network provider deletes them.
  8. Don’t assume your online correspondence is private. Many accounts have a default setting to ‘share’ (indiscriminately publish) when first created. Anything shared can be saved (and stored forever), copied, and can of course even be indexed by search engines.
  9. Don’t share your location. Turn off broadcast features. Don’t leave notes saying you are on holiday. This is an invitation for criminals to visit your home.
  10. Use authenticating apps with care. When a user authorizes an application to access his social media account, he must be sure of the capability of the third party to manage his social network. An attack against the app could leave users unprotected. So review the applications you trust on a regular basis and revoke applications you no longer use.
  11. Use unique passwords for each account and never share them across networks.
  12. I suggest activating two-factor authentication if the social media platform provides it. Principal platforms like Facebook, Google+ and Twitter provide it; Facebook and Twitter use 2FA based on SMS, while Google uses an application on mobile devices to generate an authentication code.
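
Tips 3 and 5 come down to reading the host of a link correctly once it has been expanded. The following check is an added example, not part of the original article; the function name `checkLoginUrl` and the provider allowlist are assumptions made for illustration.

```javascript
// Added example, not from the original article. The allowlist below is an
// illustrative assumption; replace it with your providers' real login domains.
const PROVIDER_DOMAINS = ["facebook.com", "twitter.com", "google.com"];

// Hypothetical helper: decides whether a URL is safe to type credentials into.
function checkLoginUrl(rawUrl, allowed = PROVIDER_DOMAINS) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG parser, the same rules a browser applies
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not-https" };
  }
  // "https://facebook.com@evil.example/" hides the real host behind userinfo.
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo-present" };
  }
  // The parser lowercases the host; drop a trailing root dot before comparing.
  const host = url.hostname.replace(/\.$/, "");
  // Non-ASCII lookalike hosts are serialized as punycode labels ("xn--...").
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode-host" };
  }
  // Accept the exact domain or a true subdomain only. A bare
  // endsWith("facebook.com") would also accept "notfacebook.com".
  const match = allowed.find((d) => host === d || host.endsWith("." + d));
  return match
    ? { ok: true, reason: "provider:" + match }
    : { ok: false, reason: "unknown-host" };
}

// Constructed sample URLs (evil.example is a reserved placeholder domain).
const samples = [
  "https://www.facebook.com/login.php",
  "https://facebook.com@evil.example/login",
  "https://facebook.com.evil.example/login",
  "https://notfacebook.com/login",
  "http://twitter.com/login",
  "https://f\u0430cebook.com/login", // Cyrillic "a" in place of Latin "a"
];
for (const s of samples) {
  console.log(checkLoginUrl(s).reason.padEnd(20), s);
}
```

Only the first sample passes; each of the others fails for a different reason, which is what a quick glance at the address bar tends to miss.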

What to do if the account has been compromised?

Here are some simple recommendations to follow:

  1. Change the password immediately. It is a bad habit to share credentials across different web services; if you do, be sure to change the password for all of them as well.
  2. Scan the infected host for malware to remove any malicious code.
  3. Review installed apps and remove apps you don’t recognize. In the worst case, revoke access for all applications and re-authorize them selectively.
  4. Check whether the attacker has changed the default email address for the hacked account; if it has been changed, restore it.
  5. Notify your network connections of the hack to avoid propagation of the attack.

If the user is not able to perform the password reset procedure, the last option is to request the support of the social media contact center via email or phone.

In conclusion, be sure to properly protect your social media accounts; a few simple practices can avoid giving attackers the keys to our digital identity.

Pierluigi Paganini

(Security Affairs – Social Media, security)
