Good practices in social networks

How?

1. Accept only links from people you know
2. Don't give your mobile number or address on your profile or in posts;
3. Avoid sharing information that reveals places, pictures of children or sensitive data;
4. Confirm the veracity of the news you share - always check the source;
5. Don't click on suspicious posts and links - some may be phishing or malicious software;
6. Use unique and complex passwords to access social networks and change them frequently;
7. Opt for the strictest privacy settings;
8. Activate the automatic smartphone lock and the use of PIN or password;
9. Do not log in to other services through social network accounts.

What goes right when you act right

• Keep your personal information more secure;
• Be better protected against theft of accounts and profiles;
• Protect children from possible threats;
• Prevent the spread of fake news.

Why care

Because social networks are a medium that threat actors use to collect sensitive information about potential victims. This information can be used, for example, in phishing attacks or home burglaries. In addition, social networks are a means for identity theft, spreading fake news, spreading malicious software or collecting usable materials against children

Did you know that?

What you post can be used by others without you having control over that use. Some privacy settings allow this possibility. From the moment you post something on a social network, someone can copy that content and share it with others. WhatsApp messages can also be leaked to third parties and there are cases where the encryption system is compromised. In addition, by posting an image, you give up the rights to it. There are criminal networks that build databases with images of children for malicious purposes. Parents should be careful not to share images of their children without their permission (sharenting), whenever possible.
Social media has a commercial component. When you "like" a post, it helps create a profile for targeted advertising. When you access platforms using social media accounts, you share your data with those platforms. You should be informed of this and given a choice at that point. Cases of misuse of social media data have increased a lot in recent years. Phishing on these platforms has also grown a lot. This form of collecting sensitive information through manipulation, or social engineering, does not only happen through email or SMS (smishing). Through posts it is possible to lead users to share private information, such as credit card numbers. There are also SPAM and phishing campaigns launched through the messaging systems of social networks.
Equally worrying is the use of social networks to spread disinformation (commonly known as Fake News), with political or economic objectives. The sharing of false news finds in these networks a very important way of propagation. For each like and share that a user makes, the content in question is promoted. In the case of disinformation, by spreading this type of material, the user becomes a colluder and a fundamental piece for the propagation of information that is not true. Moreover, many of the profiles and respective shares are based on fake accounts or on the activity of a botnet.
Finally, it is essential to mention that certain cases of identity theft occur through the appropriation of social network accounts, serving to cause reputational damages to third parties or to bring economic benefits to malicious actors. Due to their social and interactive nature, these platforms are one of the main vehicles for cyberbullying. The exposure they provide allows bullies and trolls to exploit the available information to stalk and harass (through content) their victims and children to be subject to online harassment by adults (grooming).

Data

• Attacks targeting specific individuals and organisations through social media is a growing trend in 2020.
• Another trend in 2020, which comes from previous years, is the use of social networks for disinformation campaigns that seek to manipulate citizens for political purposes. (ENISA Threat Landscape, 2020)
• In 2019, the conditioning of sharing personal information on social networks was the limitation that individuals in Portugal most placed on themselves as a result of security concerns in the use of the Internet, by 32.6% of respondents. (IUTIC Households, INE, 2019)
• In Portugal in 2019, only 16% of individuals admit to having changed the password of a social network account during the previous 12 months. The EU average in the same year is 25%. (Special Eurobarometer 499, 2020)
• 37% of individuals in Portugal, in 2020, admit to using social network accounts as a login procedure to other online services. The EU average is 35% (Identification procedures used for online services, Eurostat, 2021).