Social networks have become the most important communication medium of the 21st century. There are now 3.6 billion social media users worldwide – roughly 45% of today's population. Access to social media is becoming easier and easier, and users increasingly turn to the available mobile apps. Even when we are on the go, we want to stay in touch with our virtual community without any problems. On average, Germans spend 89 minutes a day on Twitter, Instagram, Facebook and the like. But with the opportunities and benefits that social media has to offer also come many risks. For cyber criminals, they are a true paradise for attacks. Dangers lurk around every corner and they are well disguised…
A dangerous spider web – Traps you should not fall into
Social networks are making us more and more transparent these days. We share our professional successes on LinkedIn, take our friends with us on our vacations on Instagram and take part in social or political discussions on Twitter. In other words: We share our lives with the whole world every day – and often too carelessly. And if you think that this information is not "relevant" or "confidential", you are very much mistaken.
Based on the skills of an IT employee published on Xing, students have already been able to conclude which software the company uses and thereby identify potential vulnerabilities.
Making your friends lists public also discloses information on internal structures, your own colleagues or department. The playground for hackers and criminals is large:
Account hijacking: Attacks in which an account is "hijacked" are particularly common. First, the attackers crack the password and change it, so that the actual user no longer has access. Cyber criminals then use the account to send phishing links to the victim's friends in order to elicit login details or sensitive information from them. Of course, the profile itself also contains a lot of confidential information attackers can take advantage of.
Note: Accounts that have been inactive for a long time are particularly affected, because an attack on them goes unnoticed for as long as possible.
Social engineering: Social media accounts are an excellent basis for cyber criminals to get specific information about their victims. Social engineering uses details derived from private or professional posts to quickly establish trust in the event of an attack. So, be sparing with information and restrict access to your profile. For further information, see our Social Engineering section.
Angler phishing: So-called "angler phishers" deliberately take on a role on social networks that seems trustworthy and legitimate. For instance, they actively respond to public requests in the comment section as "Facebook Customer Support" and place links to malicious websites. Users are always happy about the quick help and fall into the trap with a single click.
Fake profiles: There are countless fake user profiles. Still, many users accept every contact request without questioning it further. However, it is much easier for confirmed contacts to spy on you and to communicate with you directly. Fake profiles are especially dangerous when they pretend to be your real friends – after all, you can always trust a friend. That is why you should always be careful with unknown contact requests.
Fake login pages: In order to access user data, attackers sometimes even replicate entire login pages. These fake pages often bear an uncanny resemblance to the originals. Users who enter their login details there send them directly to the attacker. The attack becomes a real disaster if the same password is also used for other services, such as online banking or tools at work.
Single sign-on (SSO): The frequently used single sign-on is a particular risk. Once attackers have your Facebook credentials, they can sometimes easily access many other online services as well. Therefore, you should avoid using SSO with your social media profiles.
Stay alert and be sparing with information
- Carefully consider what information you should and should not share on social media.
- Familiarize yourself with your privacy settings, since in many cases you can restrict access to your profile even further.
- Always check the URL in your browser when logging in. Is it really the correct address and a secure connection (indicated by https:// and the lock symbol)?
- Always be careful with links that are sent to you unsolicited.
- Be critical of friend requests, especially from strangers.
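The URL check from the list above, written out as an added example (not part of the original article): it applies the same questions a user should ask of a login page to a given address. The list of expected login hosts and all sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the hosts you really log in on; adjust to your own services.
EXPECTED_LOGIN_HOSTS = {"www.facebook.com", "www.linkedin.com", "twitter.com"}


def check_login_url(url, expected_hosts=EXPECTED_LOGIN_HOSTS):
    """Return the reasons not to trust `url` as a login page (empty list = passes)."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ["URL cannot be parsed"]
    host = (parts.hostname or "").rstrip(".").lower()
    problems = []
    # https only protects the connection; the host still has to be the right one.
    if parts.scheme != "https":
        problems.append("connection is not https")
    if parts.username is not None:
        # In https://www.facebook.com@login.example/ the real host is login.example.
        problems.append("text before '@' is not the site, the real host is " + host)
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        problems.append("host uses non-ASCII characters that can imitate Latin letters")
    if host not in expected_hosts:
        problems.append("host '%s' is not an expected login host" % host)
        # A familiar name somewhere inside a foreign host proves nothing.
        for good in expected_hosts:
            brand = good.split(".")[-2]
            if brand in host:
                problems.append("host only contains the name '%s'" % brand)
    return problems


# Constructed sample addresses (the .example hosts are placeholders).
SAMPLES = [
    "https://www.facebook.com/login",
    "http://www.facebook.com/login",
    "https://www.facebook.com@login.example/",
    "https://facebook.com.login.example/session",
    "https://www.f\u0430cebook.example/",  # Cyrillic letter in place of 'a'
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_login_url(sample) or "ok")
```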