The risks of baring all on social media

Welcome back to my weekly cyber security blog and I hope you all had a wonderful week. In today’s connected world, our online presence is central to our lives like never before. We stay connected with our friends and family wherever they are through social media. Whereas in the past our social contact was mainly with people who lived or worked nearby, now, through social media, we can connect with those with shared interests or beliefs anywhere in the world. As both adults and children spend more time on social media platforms, they learn more about us, and their algorithms customise our apps, filling them individualised AI curated content designed to engage and entertain us. Our social media accounts quickly become extensions of ourselves, revealing what we like, where we are, what we are doing, what we think, and who our friends are, to anyone on the internet. There are multiple positives to social media and, we can without doubt say that it has changed the world, there are risks that we must all be aware of to use it safely. Over sharing on social media can leave anyone at risk from scams, identity theft, cyber-attack, cyber stalking, online bullying, and even physical threats. This is an overview of this important topic, and I will be writing more posts over the coming weeks that explore these areas in more detail. This week my friends let's talk about keeping ourselves, our friends, and families safe, what should we say to an internet that never forgets.

Do you know what they know?

It does not just seem like everyone is on social media, they really are. According to figures published by Statista, 91% of the UK population are active on social media (estimated to be 94% by 2028), WhatsApp is in use by approximately 75% of people, Facebook by 70%, and Instagram by 56%. Over time, our social media accounts store increasing amounts of data about us, from our posts, likes and comments, to private messages, photos, and videos. One important thing to consider is just how much of this information we make public. Let’s take an average person, we’ll call him Alex.

Alex was born in the UK in 1999, and signed up to Facebook when he was thirteen. Over the years as he grew up, he posted pictures and videos of himself and his friends, and they tagging each other in pictures and videos. Alex moved on, he went to college and then on to university. Throughout his time, he joined different clubs and Facebook groups, followed pages, commented on, and liked some political posts, got drunk and took some embarrassing photos, and posted some awkward comments. After graduation Alex got a job and posted pictures of his first day at work, and of course throughout all that time developed an ever-increasing list of Facebook friends. A typical social media history for someone in 2024.

There are varying ways to look at this, first from a cyber-security perspective. Alex has shared significant amounts of personal data online, a simple search for him on Facebook will probably reveal his picture, his age where he went to school, where he went to university, who he knows, and where he works. All this information is useful for cyber criminals, scammers can create very convincing targeted phishing messages using all this data (AI can automate this). There would be enough information to guess at his passwords (looking out for pet’s names, children names, favourite holiday destinations). There is even a risk that someone could impersonate Alex’s identity, stealing money and taking credit out in his name (what security questions does your bank ask – first school, first pet, mother’s maiden name, etc, and how much of this is visible on social media).

Cyber stalking ?

Understandably, this is not something that most people want to think about, but having too much personal information publicly available can open a person up to the possibility of being cyber stalked. A cyber stalker could be an ex-partner, ex-friend, or acquaintance we no longer want to see, if you are employed or own a business, an angry customer or client, or of course, a stranger who simply became fixated on our online profile. One of the important ways of protecting ourselves and our loved ones against this threat is the protection of our devices and social media accounts, and I’ll cover this in more detail below.

Sextortion

Often, the most disturbing and heart breaking cases of social media abuse are cases of sextortion. This can take different forms, adults who have taken intimate pictures with a partner of ex-partner being threatened with their public release (this is also known as revenge porn), a threat actor hacking an iCloud or Google account, finding photos and demanding money from the owner in order to not release them publicly. Or, in an increasing and disturbing online trend, overseas gangs targeting teenage victims by impersonating other young people and persuading them to take and send nude photos of themselves, following which they are threatened that these will be released to their friends and followers unless they send money. This horrendous type of crime destroys lives and is now being targeted by new laws to help combat it. There are things we can do in terms of account security and improved awareness.

Making things better

There are actions that we can all take to increase the security of our social media accounts. In the case of cyber-stalking, one of the most important defence measures is keeping the stalker out of our accounts and devices. Think DAILY

Device - Keep your mobile device updated with the latest security updates and make sure to setup a screen lock with Touch/Face ID and a complex password.

Authentication - Use strong passwords and multifactor authentication on your iCloud, Google, and all social media accounts. There is no need to think up new passwords manually for every account, instead use a password vault like Bitwarden, ProtonPass or Dashlane to generate and store them. These vaults can also process multifactor authentication directly, which is more secure than using SMS codes.

Information - On most social media platforms, the default privacy settings are not enough. Review your privacy settings on all social media platforms to control who can see your account.

Look - Look through the information you have posted publicly on your social media accounts, if sensitive information like your address, date of birth, email address, mobile number, or personal history is publicly available, either hide or remove it.

Yours - Avoid logging into any social media or messaging accounts from public computers or other people’s devices, as if you don’t fully sign-out on that device then your account can remain accessible afterwards.

Making things better (specifically)

Below are privacy settings I would recommend reviewing for the some of the most popular social media platforms.

Facebook

Facebook encourages us to enter substantial amounts of personal information, where you went to school, where you went to university, where you work, your date of birth, your relatives… the list goes on. On your Facebook profile, you can who can select who can see each piece of information. You should restrict sensitive personal information either to just yourself, or to your friends. In the Facebook App settings menu or on the website, you can access the Privacy Checkup which will guide you through some of the crucial privacy options. Finally, look at your friends list on Facebook. Your friends can see more about you, so make sure you know who they are.

WhatsApp

WhatsApp has a Privacy Checkup accessible through the app settings menu. When running this, pay particular attention to who you let see your status, when you were last online, your profile picture, adding two step verification to your account and encrypting WhatsApp backups. From the app Privacy menu, you can also turn on Screen Lock which protects WhatsApp by requiring Face/Touch ID, or your PIN when opening the app. Finally, scroll down to the Advanced submenu where you will find an option to hide your IP address in calls.

Instagram

This app has fewer privacy controls than Facebook and is an area where I would like to see Meta add more functionality. The main security control for Instagram is making your account private, which restricts your profile and posts to only your approved followers. This is especially important for the accounts of teenagers. Unfortunately, Instagram does not provide a way to hide your list of followers (like you can on Facebook), so for teenagers it is especially important to be careful who is following them. This is unfortunately one of the most common ways that a sextortion scam works, by getting on a teenage account holders followers list, the threat actor can see all their other followers, and know who to threaten.

Social media is now a central part of all our lives, it’s how we communicate and share with our friends and families, in many ways an online extension of ourselves. Despite how this blog may sound, I am not suggesting that we all stop using it. What we need to do instead is take control of it. Cyber security measures like protecting our devices with Face/Touch ID to keep them safe, strong passwords and multifactor authentication on all social media accounts helps keep hackers out. Taking control of our privacy and data by being more careful about what we post on social media, and restricting who we allow to see it, especially for our children, will make a real difference in keeping everyone safer in our digital social world.

I believe in our cyber security community and that by sharing and helping each other that we can all be safer. So, everything above is just my opinion, what’s yours? Please share in the comments below and stay safe.