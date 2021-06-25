REVIEW the URLs, not clicking on unknown links, avoiding sharing personal information or being wary of spelling mistakes in emails are just some of the keys to avoid becoming a victim of this type of theft.

Every June 30 is celebrated as Social Media Day. These famous platforms are growing in popularity and users by the minute. Today, the figures confirm this trend, with 4.2 billion social network users worldwide, indicating a year-on-year growth of more than 13% (490 million new users). In addition, more than 53% of the world’s population are now members of one.

Check Point® Software Technologies Ltd, a leading provider of cybersecurity solutions globally, warns of the danger posed by cyberattacks aimed at stealing accounts on these platforms, due to the great value of information recorded on them for cybercriminals.

For this reason, the experts at Check Point Software want to highlight the different techniques used by these individuals to usurp social media accounts, in order to warn users of their danger:

Fake website

One of the most common techniques used by cybercriminals is to fake an official website in order to carry out a fraudulent action. The fake website replicates the design of the original, even using a similar URL, making it difficult for the user to detect the deception.

An attempt is usually made to get the victim to click on the fraudulent link, usually via an SMS from a well-known brand to inspire confidence in the recipient. It requests an identity check or alerts them that someone is trying to break into their account, so that they can enter their personal login details and use them to their advantage.

DNS hijacking

This method consists of impersonating the email address of any trusted social network with the aim of acquiring the victim’s personal data through deception to later be used for malicious purposes.

If the cybercriminal manages to acquire a person’s social network data, it can be sold on the Dark Web and used to send mass spam emails or chains of hoaxes or other frauds.

Infected router

Another of the systems through which cybercriminals can get into computers and, therefore, into users’ accounts is by infecting them with malware that allows them to access their victim’s router.

Once inside the router, they are able to modify its DNS so when the victim tries to access a certain website from their browser, they are taken to another website chosen by the attacker. In this way, once again, the criminal has a clear path to acquire all the assaulted user’s data and use it to his advantage.

Tips to avoid data theft from your social networks

Check the URL: It is essential to carefully check the URL that you are going to access to identify differences with the original, and thus avoid falling into the trap.

Another detail to look out for is that the website has an SSL Certificate. This technology keeps the internet connection secure and protects any confidential information that is sent between two systems and prevents cybercriminals from viewing and modifying any data that is transferred, including information that could be considered personal. It is recognised at the beginning of the URL, by adding an “s” at the end of the acronym https://.

Never click on links: When you receive an email or SMS from any social network email, it is advisable never to click on the link in case it is malicious. It is advisable to use the search engine to go to the website of the company you are writing to, to avoid a possible scam.

Never share personal information: Information theft is a common target for cybercriminals. For many people it is very common to use the same names and passwords on different social media accounts, so stealing data from one gives the attacker the opportunity to do so on the others. Not sharing personal information and not using the same password is one of the best ways to protect yourself.

Always be wary of emails suggesting a password change: If you receive an unsolicited email asking you to change your password, it is essential to go directly to the page (do not click on the link in the email) and renew your password from the same page (and from other accounts where you have the same one). Not having a password is one of the problems that cybercriminals face when trying to access an online account. To get it, they send the user a fake email to change it, redirect them to a phishing website, and there they ask them to enter their personal data and provide it to them for their purposes.

Pay attention to language: When an attacker sends an email impersonating the identity of any social network, pay special attention to the language used. It is important to look for possible spelling mistakes in emails or on websites, as finding an “o” where there should be a zero or misspelled company names, are one of the signs that should set off alarm bells.

