Unfortunately, as the saying goes, there are no free lunches and maintaining your privacy in this world of easy access requires a good deal of conscious effort. So, if you’re one of the billions (1) of social media users out there, you’re already familiar with the rewards. However, you may not be fully aware of the risks posed by others – and yourself.
Social media: the new phishin’ hole
Phishing is an attempt to acquire sensitive information, such as your login name, password, and credit card details, by masquerading as a trustworthy company or organization. Phishing attacks (2), once limited to email, are increasingly launched through social media (3). It’s easy to get lulled into a false sense of security while interacting online with friends and colleagues, but this seemingly safe environment is only a change of scenery for many of the same threats. Malware, scammers, and impostors abound on social media, so it’s important to retain your healthy skepticism in this environment. Follow this simple advice to protect yourself when using social media:
Beware of scams (4). Scammers lay traps with enticing phishing links – don’t click on them! Never install software to unlock a “deal,” no matter how good it seems. Software purporting to do one thing could easily be a virus, intent on causing harm. Ignore urgings to share a particular post in exchange for a (never to materialize) reward. Also, avoid participating in contests and those “fun” surveys that collect information from you in exchange for revealing some playful insight (5). Is the answer to “Which wild animal best represents you?” really worth your privacy? And, lastly, keep your ID and password private. Never provide your login credentials to anyone. This is true for all of your accounts, social media or otherwise.
Scrutinize friend requests. Be very careful about accepting friend requests from people you don’t know. A hacker may pose as a friend or friend-of-a-friend to fool you into sharing personal or professional information. Having mutual friends is not a reliable indicator because many people automatically accept friend requests. Things to consider: how elaborate is the requestor’s profile? If it was recently created, has little backstory, or is sparse on photos and other postings, it’s quite possible that the “friend” issuing the request is not authentic.
Lock down privacy settings. Being selective with friendship requests may not matter much if your privacy settings aren’t properly configured. Check your privacy settings to be sure you’re only sharing information and posts with your friends and not publicly broadcasting your updates. Inattention to this crucial detail makes your social media presence an open book for anyone with an Internet connection.
Keep an eye out for profile clones. What’s more, cyber criminals could snatch your profile picture (and other photos and identifying information) to create a duplicate account that appears to be you! They use this account to try to fool your contacts into, for example, providing personal information (for identity theft purposes), clicking on phishing links, or sending “emergency” cash (6). You can check to see if anyone else is using your profile photo (or any of your photos) by using Google’s “search by image.” (7)
When in doubt, leave it out
As a member of the Judiciary, you’re well aware of the importance of professional and personal propriety. Social media, for better or worse, empowers its users to broadcast their opinions, stray musings, and photographs far and wide. Aside from exercising discretion over what you share from your personal life, be aware of the importance of refraining from posting judiciary-related information. Commenting on cases before the court is clearly inappropriate, but also be careful not to reveal judges’ travel schedules or to expose non-public areas of the courthouse using your mad photography skills.
Don’t get hacked!
If the social networking accounts of the tech-savvy, like Mark Zuckerberg, the founder and CEO of Facebook, can get hacked (8), it can happen to anyone. Protect every account with a strong password – ideally a different password for each site (9). Double down on your account security by enrolling in two-factor authentication (10) wherever it is available – now supported by Facebook, Twitter, LinkedIn, Instagram, and Google. In addition to the password, logging into these accounts will require approval from you via your registered mobile phone – just as was recently implemented for remote access to the judiciary’s private network.
For more information about social media security, see the brochure Social Networking: Seven Security Pitfalls to Avoid. Judiciary employees also should be aware of and comply with local policies regarding the use of social media. Contact your local IT department with any questions.
1. Statista: Number of social network users worldwide from 2010 to 2019 (in billions)
2. Security Tip: Phishing: Don’t Get Hooked!
3. Symantec: 2014 Internet Security Threat Report, pp. 64-68.
4. CNN Money: Top 5 social media scams to avoid.
5. ACLU: Quiz: What Do Facebook Quizzes Know About You?
6. Fox5 News Video Report: Facebook cloning scam targets potential victims with simple friend request.
7. Google: Inside Search - Search by image.
8. Wall Street Journal: Mark Zuckerberg’s Twitter and Pinterest Accounts Hacked. Notably, his Facebook account was not hacked.
9. Security Brochure: Taking the Guesswork Out of Managing Multiple Passwords.
10. Security Tip: Double Down on Security: Protect the Way You Connect.