How social media mistakes can impact cybersecurity

We talked to members of our Malware Removal Support team and asked them what kind of problems they get asked to solve for our customers.

To understand why the team ends up handling these questions, it helps to know that these are problems the Malwarebytes software is unable to resolve. Many of them can be categorized under the header of trusting the wrong people.

Privacy concerns

You know how it freaks people out when Facebook shows them advertisements for things they have only just thought about buying? Many wonder how Facebook knows this.

They say, “I haven’t searched for the item yet, but here they are showing me this advertisement.”

It gets even worse when people have had a private conversation about it, and they think the advertisers or the platform has been eavesdropping on them.

Most of the time that is not true. So, how do the platforms know what ads to serve you?

  • Algorithms are smarter than most people think. Have you heard the story about the family that got coupons for baby clothes and cribs even before their daughter told them she was expecting? We humans are way more predictable than we’d like to think.
  • Users of social media and Facebook in particular tend to forget how many people can see the “public” part of their profile and posts.
  • Websites share information about your scrolling behavior through cookies, FLoC, and other trackers.

Some people get so convinced they have spyware on their system that they contact our support team to help them get rid of it. All we can do is inform the public and point those looking for help in the right direction.

More Facebook concerns

Besides people not securing their Facebook settings and making everything public, they also make more blatant mistakes like posting their email addresses, clicking on links to surveys in Facebook, clicking on unsolicited links in Messenger, and answering posts that phish for information that makes it easier to guess your passwords.

This comment by one MRS agent during our discussion says a lot:

“I had 2 friends on Facebook today get their profiles taken over because they clicked links they shouldn’t have clicked.”

When these things go wrong, all our Support team can do is tell people to contact Facebook, as unfortunately we can’t help them.

Other password shenanigans

Another privacy-related concern we often get asked about is the sextortion emails that try to intimidate the recipient by telling them the attacker has their password. But that password usually originates from some security breach, and the sender has just found it in a data dump somewhere. A quick way to check is a visit to the Have I Been Pwned? website.

If you do get an email like this, you should change the password anywhere you use it. And please use Multi-Factor Authentication wherever possible.

Social media and scams

Social media is a perfect way for scammers to reach a lot of people, and we often see them using this to round up victims. There are many kinds of Bitcoin scams to be found on YouTube, Twitter, and other platforms. And along with Tech Support scams, Ponzi schemes, misinformation, and many phishing attempts, you can find every kind of scammer on social media without having to look very hard.

A few more tips

To round this off, we assembled a few other mistakes our team sees a lot. Steering clear of these can save you a lot of trouble.

  • Letting browsers save their passwords. Use a password manager or password book for them, especially if you are sharing your system with others.
  • Never backing up their system. We understand it can be cumbersome, but imagine the misery when you lose access, be it because of ransomware or a hard drive failure.
  • Using cracks and keygens. The oldest trick in the book to spread malware is to tell visitors that it is a crack or keygen for a popular game or other software.
  • Using torrent software. The same as for cracks and keygens applies here—unless you can verify what you are receiving, don’t download anything from anyone.

Stay safe, everyone!