Earlier this week, some people complained about indiscriminate tagging on Facebook by an account they are not familiar with. Unsuspecting users may have clicked on the links and helped spread malicious software.
The origin of what experts call “malicious tagging” is still unknown, but according to a report from Inquirer.net, Facebook confirmed the existence of the page that tags people after the Department of Justice’s Office of Cybercrime received reports. The link, according to news reports, contains adult content.
To the learned, all the red flags are there: an indiscriminate tag from an unknown user or page, and a link. But to ordinary users, especially those who are active in public pages, this may look “normal,” and they would click the link without knowing that they may be helping to spread malicious software (malware) or compromising other people’s accounts.
According to Kaspersky, this may be another case of social engineering, that age-old — but still very much reliable — form of hacking human psychology.
“Social engineering is a manipulation technique that uses human psychology that cyber attackers use to trick someone or to lure unsuspecting users to expose data, spread malware infection, or give them network or computer access,” said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky. “Scams based on social engineering are built around how people think and act. Attackers may use emotional manipulation to convince you to take an irrational or risky action that you otherwise wouldn’t. Fear, excitement, curiosity, anger, guilt, and sadness are emotions normally used to convince an unaware, clueless person.”
In his book “Ghost in the Wires,” famous “hacker” and now cybersecurity expert and speaker Kevin Mitnick recounts how he used social engineering heavily to gain entry to various networks. Simply put, he would impersonate someone (possibly an IT administrator) and convince someone at a company to give out passwords.
While Facebook has not confirmed whether this is social engineering, Kaspersky offers some tips on how to secure accounts.
- It’s a cliché, but the rule of thumb in internet security is to always think before clicking.
- Set a strong password.
- On social media, take advantage of the security and privacy features of your favorite platform. You can control who can tag you or who can see your posts. Because Facebook regularly makes changes to its settings, it’s worth your attention and time to check your own saved settings from time to time and update them for maximum privacy.
This will not be the last of these incidents, especially since Facebook is a gold mine of data for cybercriminals.
The Security Settings are there for a reason. Try to revisit them from time to time because Facebook doesn’t always announce security updates. Here is Facebook’s Help Center.
If banks require multi-factor authentication (MFA), treat your Facebook data like your money in the bank. Activate MFA; the two or three additional steps to log in are a small price to pay compared to having your account compromised.
Change passwords like you change your toothbrush. If remembering passwords is difficult and troublesome, Mitnick shared a tip: it is OK to write down your passwords. You can choose to write the first or the last four or five letters, numbers, or symbols. He said that you will remember the rest once you see them. (Crosses fingers.)
If you feel something is not right, follow your instincts. Consider anything from people you don’t know as malicious, if not harmful. You can check mutual friends or Google them.
Heeding the phrase “Think before you click” is the best thing you can do to protect your accounts. One cybersecurity expert once advised organizations on their security posture: Act like you have been breached. It means that you have to strengthen the security of your online accounts.
If you think your account has been compromised, change your passwords and report it to Facebook at once. While these are not foolproof solutions, it is still advisable to always secure your account.