Social networks are platforms that are part of our day-to-day lives. There are many types, they are very useful, and they allow you to be in constant communication with others. However, they are also a major problem for security and privacy. In this article we are going to talk about it: we will explain how we can be attacked through social networks, give some advice on staying protected, and explain why protection is essential.
How social media works
We can say that social networks are a widely used means of communication, information and entertainment today. There is a wide variety of platforms of all kinds. For example, we can name Facebook, Twitter or Instagram, which are some of the most popular today.
Now, what do they consist of and how do they work? Basically, they are systems that connect the users of a platform. Each of us has an account, a unique registration, and from there we establish contact with other users who are part of that social network. We can send messages, publish comments, follow contacts, upload images or videos…
To connect to a social network you can use different methods. You can usually use the web version, which you access from any browser by entering your details, but you will also have the option of a mobile or desktop application. In both cases you will have to authenticate with your details, and from there you can access the different resources that each platform has.
Are social networks safe and private? The truth is that there are different types of attacks that we can suffer, as well as problems that can compromise security and privacy. Next we are going to talk about them and give some useful advice. The objective is to use these services in complete safety, without making any mistakes.
Why protect our networks?
Today, a large number of threats to users' security and privacy can be found across the Internet, and social networks are one of the main channels through which these attacks are launched. Luckily, we can also find multiple tools that help us maintain our security and avoid the resulting problems.
Maintaining security and maintaining privacy are different things, and both matter. Doing so is good for our data and for our equipment, which can also be affected by attacks, even to the point of being rendered useless.
These problems, however, often do not come from security flaws but from the actions of the users themselves. Therefore, when we set out to protect our networks, it is also necessary to apply common sense, since it can help us avoid compromising security through our own actions. Facebook, Twitter, Instagram, TikTok and, ultimately, any social network should be used with caution and, in the case of minors, always under the supervision of an adult.
Types of attacks on social networks
Let's look at the main attacks and threats that we can suffer on social networks. Most of them aim to steal passwords or cause a system malfunction, and they can affect us regardless of the operating system we use.
Phishing
A Phishing attack aims to steal the credentials of our accounts. It all starts when a message is sent posing as a legitimate company or organization. In this case, we mean messages that pose as legitimate messages from social networks such as Facebook, Twitter, Instagram, etc., when they really are not.
The message we receive generally contains a link that directs us to a cybercriminal's website or to a malicious file. This is a case of impersonation of a company, in which the victim will think they are on the official site. The goal of a Phishing attack is that the user, by logging in normally, ends up handing over their account data (username + password) to the cybercriminal.
The Phishing strategies used by attackers can be very varied, but here are some measures that can help prevent them:
We should not log in from email links.
You should not open or download attachments either.
Analyze the grammar and the appearance of the message. If it has misspellings and the text seems to have been badly translated from another language, be suspicious.
Check that the link has the correct domain before clicking on it.
Protect the account with multifactor authentication.
Keep our equipment properly updated with the latest software updates. Measures such as having good antivirus and antimalware software are also highly recommended.
As you can see, there are different strategies for trying to sneak in malware through a Phishing attack.
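The "check that the link has the correct domain" measure can be made mechanical. The following is an added example, not part of the original article: the list of official domains, the `check_link` function and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: registrable domains of the platforms named in the article.
OFFICIAL_DOMAINS = ("facebook.com", "instagram.com", "twitter.com", "linkedin.com")

def check_link(url):
    """Return (verdict, reason) for a link received in a message."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return ("suspicious", "malformed link")
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return ("suspicious", "no host in link")
    if parts.scheme != "https":
        return ("suspicious", "login pages are served over https")
    # "https://brand.com@other.host/" really goes to other.host.
    if parts.username is not None:
        return ("suspicious", "text before '@' hides the real host " + host)
    # Non-ASCII or punycode labels can imitate Latin letters.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return ("suspicious", "internationalized host, possible lookalike letters")
    for domain in OFFICIAL_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return ("official", domain)
    # Brand name appears, but the host is not under the brand's domain.
    for domain in OFFICIAL_DOMAINS:
        brand = domain.split(".")[0]
        if brand in host:
            return ("suspicious", "mentions " + brand + " but is not under " + domain)
    return ("unknown", "not one of the listed platforms")

# Constructed sample links (the .example hosts are placeholders).
SAMPLES = [
    "https://www.instagram.com/accounts/login/",
    "https://instagram.com.badge-verify.example/login",
    "https://instagram.com@badge-verify.example/login",
    "https://www.f\u0430cebook.com/login",  # \u0430 is Cyrillic, not Latin "a"
    "https://news.example/article",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(check_link(link), link)
```

Only the first sample is reported as official; the next three are flagged even though each displays a real brand name, which is why reading the host from right to left matters more than spotting the brand in the link.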
Real examples of Phishing messages on social networks
Facebook is one of the most popular social networks, and also one of the priority targets for hackers. We have better and better methods to protect our accounts, but attackers also continue to work to break down those defensive barriers. One of the Phishing strategies most used by cybercriminals to steal credentials is social engineering.
In this sense, there is targeted Phishing. The message received by the victims shows their private information, such as:
Name and surname.
The place where they study or work.
These data, which make the message more credible, are obtained from Facebook, as you will have deduced yourself. Another aspect that we must be attentive to is malicious ads. Facebook has security measures to prevent this type of action, although occasionally some get through. These bogus ads can cause malware to be downloaded or redirect us to web pages controlled by cybercriminals.
Without a doubt, another of the most used Phishing strategies on Facebook is the links that we receive through Facebook Messenger. Here we have to be very attentive and exercise caution, measuring our steps very well. Although Phishing attacks are among the most widely used, there are others. For example, there may be links that direct us to malicious websites with software designed to infect our equipment, or there may be scams and false advertising.
We also have to talk about the danger of bots and false profiles. Through them, attackers can post comments on our profiles or in the groups we belong to. There they can post Phishing or other malicious links, use the profiles to collect information, or attack us in some other way.
Instagram has become one of the main social networks for many influencers. In fact, some of them can make a comfortable living from their stories and posts on this popular social network.
Both professionals and people who are just starting out can fall victim to cybercriminals' Phishing strategies. One of the most used tricks is a notification that our account has violated copyright. The message we receive shows the Instagram logo and header and, in addition, the sender's address is very similar to the original one.
Another point to highlight is that the attacker gives us very little time to solve the problem. They generally allow 24 hours, although in some cases they have been seen to give 48 hours. Whenever this urgency strategy is used, you have to be suspicious. It is widely used in attacks involving Instagram, Microsoft accounts and even banks.
If we click on a link in the message, we will arrive at a very convincing website that, as mentioned before, does not lack detail, since it includes the logo and the rest of the elements of the official website. If we go ahead and follow all the steps, our account data will end up in the hands of the attacker. Now we are going to see a practical example of a Phishing attack on Instagram. The way of acting is similar on other platforms because they use the same method.
One of the Phishing strategies used was to send a message to Instagram users offering them a special band or badge for their account, which obviously does not exist. The first thing we see is a message about getting the promised badge. Next, what we would have to do is click on Next.
Then, in that form we are asked to enter our Instagram username and password.
If we do, our account will unfortunately have fallen into the wrong hands.
LinkedIn, the platform that many people use to find a job, improve their current job, or search for a candidate's profile for a job, is one of those that has suffered the most from Phishing attacks.
In this case, we receive a message urging us to click on a link because otherwise our LinkedIn account will be disabled. As usual, if we analyze it in depth, we find that the sender's address does not correspond to the official domain. We also discover the lack of message customization and grammatical errors, along with the link to a fake site. Finally, once the victim has completed all the steps, the attacker usually redirects them to the official LinkedIn website to reassure them.
Twitter, the social network that talks about the latest trends, does not escape Phishing either. Here we must also be very attentive to the messages and links we click on. Twitter Phishing likewise seeks to obtain the usual data: username and password.
As you can see, attackers use similar Phishing strategies on all these platforms to steal our accounts.