Protecting Yourself on Social Media
As social media becomes more and more integrated into everyday life, there are steps that should be taken to prevent the hacking of your accounts and prevent rogue applications from posting unwanted updates.
Browse Securely
First, a tip that is something that should be followed even if you do not use social networks. Check to make sure your web browser is up to date. Going to a site that has been compromised with a browser that is not up to date could cause spyware to be installed. That spyware could try to get your login information for the social networks.
Also, on sites like Twitter and Facebook, you should enable secure browsing. This will encrypt your login information whenever using the sites. This is especially important when using a public, unsecured wi-fi network. Someone could be on the wi-fi network trying to sniff out login information that is not sent out on an encrypted connection. There is a known add-on to a certain web browser (which I will not reveal here) that does sniff out login information on a network.
It is worth noting that not every page is able to be encrypted. There was a flaw in Facebook’s implementation of being able to browse securely that when you went to a page (typically in an application) that was not able to be securely transmitted, the secure connection would be ended and you would have to go back in to your settings and enable secure browsing again. This has been fixed.
Here is how to enable secure browsing on Twitter and Facebook:
- Go to Settings
- On the Account tab, scroll down to “Always HTTPS” and check “Always use HTTPS”.
- Go to Account, then Account Settings
- On the Account tab, go to Account Security and click change
- Check “Browse Facebook on a secure connection (https) whenever possible”
- Click Save
Be Cautious of Bad Applications
Twitter and Facebook allow applications to connect to and post items. For some applications, like clients for phones, this is okay. However, there are some applications out there that are malicious and will try to spread themselves by posting without your knowledge. These are referred to as Rogue Applications. They can pose as a way to show you who has viewed your profile, how many views your profile has, “You won’t believe this!” stories, and things that don’t seem true. Here are some examples from security company Sophos. Most of the applications include a survey as a “verification” procedure, after you have given permission to that application to post updates. That survey is how the scammers are making money and now those scammers have permission to post and try to spread their scam. Don’t add any applications that are saying they can show you who has visited your profile, how many people have visited your profile, promise things that are too good to be true, or anything that seems fishy. Also, when adding applications, actually read what permissions you are giving that application. If the application is asking for permission for more than you are willing to give it, do not add that application.
I feel that you should periodically check what applications you have given permissions to so you know what has the ability to access your information and what could post. If there is an application that you are no longer using, remove it, incase it turns rogue.
Here is how to check what applications you have given access to on Twitter and Facebook:
- Go to Settings
- Click on the Applications tab
- If you want to prevent an application from accessing your account, click “Revoke Access”
- Click on Account, then Privacy Settings
- Under “Apps and Websites” (toward the bottom of the page) click “Edit Your Settings”
- Under “Apps You Use” click “Edit Settings”
- If you want to see what the application can access, click on it.
- To remove an app, click the X next to it, or if you are checking what it has access to, click “Remove app”.
Again, do not allow any applications that offer “too good to be true” tales, say that they can tell you how many views your profile has, or seem fishy. Those applications can and often do compromise your accounts.