Social media websites serve as platforms for global interaction and the sharing of ideas, but are simultaneously a platform frequently leveraged by cyber threat actors. Cyber threat actors target social media accounts in takeover attempts, with the goal of posting fictitious or embarrassing information. Cyber threat actors may also use personally identifiable information (PII) posted by you or friends to build a profile about you, including your identity, location, relationships, and affiliations.
This information makes you more susceptible to identity theft, spear phishing emails, virtual blackmail, or potential physical threats.
In addition, there are several scams which target the friends, family, and co-workers of a compromised account, and may result in financial loss or account compromise for additional victims. Appropriate usage of social media accounts and implementing proper security procedures is the best way to protect against these threats.
Do not post any PII(personally identifiable information) such as your date of birth, telephone number, home address, or images that identify your job, hobbies, family, and friends. This information may often reveal the answers to security questions used to reset passwords, making you an easy target to victimize by giving malicious actors easy access to your accounts and secured information.
Do not post anything you would be embarrassed to see on the evening news. Everything posted online becomes a permanent part of the Internet; assume it may become public.
Do not accept friend/follower requests from anyone you do not know.
Be cautious when accessing online accounts from public Wi-Fi connections. It is possible for malicious actors to capture login credentials and other sensitive information.
Passwords should have at least 10 characters and include uppercase and lowercase letters, numerals, and symbols. Do not use the save password, “remember me,” or keep me logged in options. Do not share your password with anyone or write it down. Do not use the same password for all of your accounts. Make sure the passwords for your financial sites are not permutations of your other passwords. Change passwords every 60 days.
Use multi-factor authentication if available.
Do not use your social networking website to login to other sites. If that website becomes compromised, then all accounts associated with that website are vulnerable. Create a different user account on the new website instead.