Preventing your social media account from falling victim to phishing

When it comes to social media, one of the more famous examples of an account getting hacked was what happened to the Associated Press’ Twitter account in April 2013.  At that time, hackers from the Syrian Electronic Army used a phishing scam to obtain the password to the AP’s Twitter account, then sent out this tweet:

[Image: AP Hacked]

The tweet was false, of course, and the AP was quick to refute the information and announce that they had been hacked.  However, in a two-minute period, the stock market crashed and $136 billion in equity was erased – fortunately, most of that money came back just as quickly once it became apparent that the tweet was false.

This is one of the more famous examples of a successful phishing scam.  In order to obtain the AP’s password, hackers sent out “an impressively designed phishing Email.”  The Email, which appeared to come from legitimate, official sources, asked for the password to the AP’s Twitter account.  Staffers complied, and the account was hacked.

These scams are relatively easy for hackers to run, and those who aren’t aware of them can easily fall prey to this type of incident.  So, how can you keep yourself and your staff from falling victim?  Here are a few tips:

1) Train your staff:  More important than anything else – make sure that your staff knows to never give out the password to your social media accounts, particularly if asked via Email.  This type of sensitive information should never be put in an Email, no matter how official the source appears, and even if it comes from an official domain name or trusted contact.

2) Watch for telltale signs of a hack: My experience with phishing attempts is that the scams frequently use poor grammar, spelling or syntax.  If you see something like this, it’s usually a dead giveaway.

3) Don’t click the links: Never visit a link from a possible phishing Email – doing so may expose your computer to viruses or spyware.  Many links in these types of Emails may appear to point to one website, but when you hover your mouse over the link, you discover that the link will actually take you to a different website.

4) Change your password frequently: Once a month, at a minimum.

5) Never download an attachment from an unknown Email: Just don’t.  It’s an easy way to accidentally download malware.

6) Don’t automatically trust an Email if it comes from a known and trusted contact: Let’s say a coworker sends you an Email, asking you for a password to Twitter or Facebook.  Before you send the information, contact the person first.  Their account may have been compromised, which would explain the Email.  Again, a clue that the account has been hacked is that it doesn’t sound like it came from the sender, has bad grammar or lacks the usual personal touch that the sender displays.

Any others to add?  Give us your expertise in the comments, and don’t forget to subscribe to the Email newsletter!
