Con Watch: 5 Best Practices to Prevent Getting Hacked on Social Media

Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.

The recent hacking of the Twitter accounts of many prominent people including Joe Biden, Bill Gates, Elon Musk, Warren Buffett, Jeff Bezos, and Mike Bloomberg highlighted how vulnerable all of us are when using social media. The hacking of your social media accounts can be leveraged by sophisticated criminals to make you a victim of identity theft or to steal your assets. However, there are simple steps you can take to avoid being hacked. Here are five best practices that we all should follow to protect ourselves.

1. Use Strong Passwords

Having a strong and unique password for each of your social media accounts can go a long way toward protecting your security. Unfortunately, too many people use the same password for all of their accounts. This makes you particularly vulnerable to being hacked because in the event of a data breach at one of your online accounts, the hackers now have the password for all of your accounts, which puts you in great jeopardy. (I’ll have Identity Theft for $500, Alex).

Consider using a password manager, which is an app you can use that will create complex passwords for each of your online accounts. All you have to do is remember the one password to your password manager. Some people are concerned that even a password manager can be hacked. While this has not occurred yet, it is a reasonable concern. A good way to generate your own complex passwords for each of your accounts that are easily remembered is to start with a base password, such as IDon’tLikePasswords. This is a good base password that has capital letters, small letters and a symbol. Now make it even stronger by adding a few symbols such as !!! to make your base password IDon’tLikePasswords!!!. This base password can easily be customized for each of your accounts with a few added letters. So, for instance, your Amazon password could be IDon’tLikePasswords!!!Ama. This is an easy way to create complex, unique and easy to remember passwords for each of your accounts.

2. Provide Fake Answers to Security Questions

A security question is an important element of protecting you from being hacked. Unfortunately, enterprising hackers have managed to change the passwords of their targeted victims by answering common security questions with information found through online searches. Often we are our own worst enemies when we provide too much information on social media, where a hacker can learn the name of your dog, for instance, or other information that might provide the answer to your security question. An easy solution to this problem is to provide nonsensical answers. There is no legal requirement that you answer your security question honestly. Thus, the answer to the security question asking your mother’s maiden name can be “firetruck.” You will remember this because it is so silly and no hacker will be able to guess it.

3. Use Dual Factor Authentication

One of the best things you can do to protect yourself from being hacked is to use dual factor authentication on your accounts. With dual factor authentication, when you log in to one of your accounts, an additional form of authentication is required. Most commonly, after you type in your password, a special one-time code is sent to your cell phone. You then must enter that code in order to access your account. Even if someone manages to steal your password, they will not be able to access your account. Actress Jennifer Lawrence’s iCloud account containing nude photos of her was hacked when she unwittingly responded to a socially engineered email that appeared to come from Apple asking her to confirm her password. If she had used dual factor authentication, even if the hacker had her password, he would not have been able to access her account.

4. Beware of SIM Swapping

Some very sophisticated hackers have been able to defeat dual factor authentication by SIM swapping your phone number to the hacker’s phone. A Subscriber Identity Module, more commonly known as a SIM card, is an integrated circuit that stores information used to authenticate subscribers on mobile devices, such as cell phones. SIM cards can be and are transferred between different devices, such as when you get a new phone. Hackers call your cell phone provider posing as you, answer a security question, and have your SIM card switched to their phone, enabling them to defeat dual factor authentication, because now the authentication code is going to their phone and not your phone. Fortunately, you can set up a PIN or password in order to access your mobile service provider account to protect yourself from SIM swapping. Particularly prudent people can even require that their SIM card only be changed in person.

5. Use Security Software and Install Security Updates Right Away

Make sure you have installed good security software on all of your devices and install the latest updates on your programs, applications, and computer and mobile device operating systems as soon as they become available. Note that even the most up-to-date security software will always be at least a month behind the latest strains of malware. This is why, even if you have the best security software, you should never click on links in emails or text messages unless you have absolutely confirmed they are legitimate. Clicking on links infected with malware sent through socially engineered phishing emails and text messages is the most common way that malware is installed.

Nothing you can do will absolutely guarantee that you will not have your social media accounts hacked, but following these five best practices will go a long way toward keeping you safe.

Featured image: AngieYeoh / Shutterstock

Con Watch: Are Ring Cameras Secure?

Steve Weisman is a lawyer, college professor, author, and one of the country’s leading experts in cybersecurity, identity theft, and scams. See Steve’s other Con Watch articles.

Ring brand cameras are a popular home security device; however, they have recently received negative attention due to reports of the cameras being hacked. For instance, Ashley LeMay installed two Ring cameras last November to monitor her children while she worked. Surreal video footage of a hacker speaking to LeMay’s daughter has appeared throughout the media coverage of the incident. Now LeMay and others have filed lawsuits against Ring alleging that Ring products have defective security.

It’s not as bad as you think. It’s far worse.

As disturbing as this story is, the potential problems brought about by hacking security cameras or other home Internet-of-Things devices are far more worrisome. In many instances, if a hacker is able to gain access to one device that is part of the home’s WiFi network, they could also gain access to other connected devices, such as a computer containing personal financial information or, if the victim works from home, even corporate files.

In the case of many of the victims of Ring and other security camera hackings, the problem does not appear to have been a flaw in the Ring security cameras, but most likely can be attributed to consumers failing to change the default password with which the Ring camera or other device came. These default passwords are readily available to hackers on the Dark Web.

Many hackers search the Internet for unsecured web cameras and baby monitors; if the factory setting username and password have not been changed, they gain easy access to these cameras.

Hackers have published the usernames and passwords of thousands of users of Ring cameras on the Dark Web, that part of the Internet where cybercriminals buy and sell goods and services. These usernames and passwords appear largely to have been obtained through data breaches. Compounding the problem is that many people make the mistake of using the same username and password for all of their accounts, putting all of their accounts in jeopardy.

How to Secure Your Ring Camera

Creating and remembering strong, unique passwords for each of your accounts is not as difficult as it may appear. You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords. Add a few symbols like !!! and then adapt it for each account you have so that you will have a secure and easy to remember password for each of your online accounts. Thus, your Ring password could be IDon’tLikePasswords!!!RING. Alternatively, you can also use one of the many password managers, such as Dashlane, Avira and Kaspersky, that will generate and store secure passwords for you.

Featured image: BrandonKleinVideo / Shutterstock