Staying Safe on Social Media

September 30, 2024

In today’s world, social media platforms have become one of the standard ways to connect, communicate, and build communities. Alongside the benefits social media provide, they are also used by cyber attackers to launch sophisticated attacks.

In this article, based on the October edition of our monthly newsletter, we focus on social media safety — what the common threats are, how attackers use social media to target individuals and organizations, and the best ways to protect your organization and yourself from cyber threats that make use of social media.

  1. Common cyberattacks that use social media
  2. Examples of recent cyber-attacks on social media in Africa and globally
  3. Tips on how to recognize and avoid cyber-attacks on social media

1. Common Cyber Attacks on Social Media

Social media platforms are a common playground for cybercriminals, who use various tactics to exploit users and steal sensitive information. Here are four common types of cyberattacks that use social media as a platform for launching attacks:

  1. Phishing: Phishing involves sending fraudulent messages that appear to be from a trusted source. On social media, this can take the form of direct messages or posts with malicious links designed to trick users into revealing login credentials, personal information, or financial data.
  2. Romance Scams: Attackers create fake profiles to form romantic connections with victims. Once trust is established, they manipulate victims into sending money or sharing sensitive information, often leading to financial and emotional harm.
  3. Social Engineering: Cybercriminals use information from social media profiles to manipulate individuals into providing confidential information or performing actions that compromise security, such as revealing company data or transferring funds.
  4. Impersonation: Attackers create fake accounts posing as individuals or companies, using these accounts to spread misinformation, solicit personal information, or scam users into making payments or providing login credentials.

Each of these attacks preys on the trust users place in social platforms, making awareness and caution critical to staying secure.

2. Examples of Cyber-Attacks on Social Media in Eastern Africa and the Middle East

Here are a few examples in which cyber attackers have used social networks to launch scams and cyberattacks:

1. Phishing attack – fake job scam posing as Kenya Power (2022):

In 2022, a fraudulent job advertisement claiming to offer employment positions at Kenya Power circulated on Facebook. The scam post invited users to apply for non-existent positions, directing them to provide personal information and make payments for application processing fees. Kenya Power issued an official statement warning the public about this scam and clarified that any genuine job vacancies are advertised through their official communication channels, not via social media.

2. Phishing Campaign on WhatsApp in Zambia (December 2022):

A phishing scam in Zambia used WhatsApp to target university students with fake scholarship offers. By clicking on the malicious links, victims unknowingly shared personal and financial data, leading to risks of identity theft and financial fraud.

3. Social Engineering Attack on LinkedIn users in Saudi Arabia (December 2023):

Hackers used hundreds of fake LinkedIn profiles to target professionals in Saudi Arabia, aiming to commit financial fraud and steal sensitive corporate data. These profiles often appeared to belong to young women working in Southeast Asia. The profiles established trust, after which attackers sold fake certificates, convinced employees to share sensitive data, or sold access to these profiles.

These cases demonstrate how cybercriminals are leveraging the power of social media to launch targeted attacks, inflicting both financial and reputational damage across Africa and globally. As this threat evolves, knowledge and awareness of safe conduct on social networks are critical for every individual and organization.

3. Recognizing and Avoiding Cyber Attacks on Social Media

With the growing use of social media platforms, cybercriminals have developed sophisticated methods to exploit users. Recognizing potential attacks and implementing effective safety measures is crucial for protecting both personal and organizational data.

Here are a few tips to identify online scams, and best practices to stay away from them:

  • Red flags – suspicious signals of scams using social networks:

    ◦ Suspicious Messages: Be cautious of unsolicited messages, especially those that include grammatical errors, urgent requests, or unfamiliar links. Scammers often use a sense of urgency or fear to manipulate users into acting without thinking, such as clicking on a malicious link or providing personal information.

    ◦ Too-Good-to-Be-True Offers: Scams often promise high rewards with little effort. Whether it's an investment opportunity with unrealistic returns or a contest you've never entered, these are red flags. Always verify the authenticity of such claims before engaging.

    ◦ Requests for Personal Information: Legitimate companies and institutions rarely ask for sensitive data through social media. If someone requests login credentials, financial information, or other personal details, it's likely a scam. Always contact the company through official channels to confirm.

  • Tips for protecting yourself from cyberattacks and scams using social networks:

    ◦ Use strong passwords and two-factor authentication (2FA): One of the most effective ways to secure your accounts is by creating unique, complex passwords. Use a combination of upper and lowercase letters, numbers, and symbols. Additionally, enable two-factor authentication for an extra layer of security, as it requires you to verify your identity using a second device or app before logging in.

    ◦ Regularly review privacy settings: Social media platforms frequently update their privacy settings. Regularly check and adjust who can view your posts, profile information, and contact details. This limits the amount of personal data visible to potential attackers.

    ◦ Think before you click: Avoid clicking on links or downloading attachments from unknown sources. Scammers often hide malicious code in such links, which can infect your device or lead to phishing sites. Hover over links to check where they lead before clicking.

    ◦ Limit personal information sharing: The more personal information you share, the more cybercriminals can use it to target you. Avoid posting details like your home address, phone number, or travel plans. This information can be used to impersonate you or craft personalized attacks.

    ◦ Monitor for unusual activity: Regularly check your social media accounts for any unusual activity, such as messages or posts you didn't create. If you notice anything suspicious, change your passwords immediately and review the account's login history.

    ◦ Report suspicious activity: If you encounter phishing attempts, fake profiles, or malicious content, report them to the platform. Most social media sites have mechanisms for reporting fraudulent behavior, and reporting helps prevent others from falling victim to similar scams.

    ◦ Use a Trusted Security Solution: Use a reliable internet security suite that includes protection against phishing and malicious links. Some solutions can also warn you of potentially dangerous websites before you visit them.

By staying aware of these warning signs and implementing these security measures, you can significantly reduce the likelihood of falling victim to cyberattacks on social
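The "think before you click" tip, checking where a link really leads, can be automated for messages that users report. The following is an added example, not part of the original article: it parses the links in an HTML message and flags those whose real destination differs from what is displayed. The flag names, the sample message and its hosts are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

URLISH = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in a message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Hostname without a leading 'www.'; accepts input with no scheme."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    return host.removeprefix("www.")

def check_link(href, text):
    """Return warning flags for one link; an empty list means none fired."""
    flags, host, parts = [], host_of(href), urlsplit(href)
    if URLISH.fullmatch(text) and host_of(text) != host:
        flags.append("text-host-mismatch")  # shown address is not the target
    if parts.username is not None:
        flags.append("userinfo-in-url")     # real host is what follows the '@'
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host) or ":" in host:
        flags.append("ip-literal-host")     # raw address instead of a name
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode-host")       # can render as a look-alike name
    if parts.scheme != "https":
        flags.append("not-https")
    return flags

def audit(html):
    parser = AnchorCollector()
    parser.feed(html)
    return [(href, check_link(href, text)) for href, text in parser.links]

# Constructed sample message; hosts use reserved example names and addresses.
SAMPLE = (
    '<a href="https://careers.example.org/jobs">https://careers.example.org/jobs</a> '
    '<a href="http://203.0.113.7/apply">www.careers.example.org</a> '
    '<a href="https://careers.example.org@xn--exmple-cua.test/login">Apply here</a>')
```

Calling `audit(SAMPLE)` returns one entry per link with its flags; a link with no flags is not proven safe, it only passed these particular checks.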

4. Summary

In this article, we explored the key risks associated with social media, highlighting common types of attacks such as phishing, social engineering, and impersonation. We also provided real-world examples of recent incidents in Africa and shared practical tips for recognizing and avoiding such threats. For more detailed insights or tailored support on enhancing your organization's cybersecurity posture, feel free to get in touch with us at Plena Solutions.

About us

Plena Solutions Ltd. is a cybersecurity solutions provider, with a primary focus on addressing the needs and challenges of organizations from the private and public sectors in Eastern and Southern Africa. With offices in Kenya and Israel and activity across Eastern and Southern Africa, we combine deep local insights, experience, expertise, and global top-notch cybersecurity technologies & solutions. We serve as our clients’ trusted advisor and implementation partner on risk and cybersecurity topics, helping them keep safe and ahead of any cyber threat.