Craig Rosewarne from Wolpack Risk added that the higher one’s public standing, the more vulnerable online accounts became.
“It depends if they have just opened a normal account and they haven’t hardened the account by changing the privacy or the security settings. It is fairly easy to access their accounts by guessing their password based on what they put on their social media profile. So that would be a starting point.”
Online users should also be cautious of emails received from social media sites requesting a password change.
“The next step from that would be to send them an email where you fool them to be from LinkedIn or Facebook, where you create a false Facebook account and say because of a security breach they need to log in and validate their account. You would then redirect them. It is very easy to spoof an email coming from Facebook,” Rosewarne said.
“You are then able to log in as them and basically do whatever you want to. We always encourage people to put in two-factor authentication, like you have with online banking. That is an extra level of security.
“At the end of the day, for the average person it is not easy but if someone just knows the basics it is possible to gain access to their social media accounts. The more high-profile you are, as a company or an individual, the more likely you are to be targeted.
“You are going to get all types of fans that just want to be closer to you or people that mean harm to you. The threat is so much bigger if you are famous.”
Rosewarne provided three tips for improved online safety:
• Limit what you post online. Think twice before you post. Good people are going to be reading this and bad people are going to be reading this.
• Ensure that only your friends or followers can see your content. You don’t want the whole world to see your photos.
• Use two-factor authentication. Most of the platforms have this option and it does not cost a thing.
Haroon Meer from Thinkst Applied Research said once another person had gained access to an online social media account, tracking them down could prove to be difficult.
“If you logged into Bob’s Facebook account and scribbled, ‘I hate whales,’ on his wall, you are probably okay by simply using a free proxy server to cover your tracks. If you are making death threats against a president or poking an intelligence agency, you are going to need a lot more,” said Meer.
Celebrity social media accounts are not the only targets: large companies also need to ensure that they safeguard themselves from online intruders.
“Most of the big banks have had several incidents over the years and several government agencies have been publicly hacked or embarrassed. So far, reports that we have seen publicly are a relatively small representation of what happens (since most companies don’t even know when they are hacked) and nobody has been forced to disclose their breaches if they did.”
Arthur Goldstuck from World Wide Worx warned online users that clickbait links could also do harm.
“There are several ways an account can be compromised. The most common is through malware programmes disguised as links to videos or images. Typically you receive a message saying something like, ‘You won’t believe this video,’ or, ‘See what people are saying about you.’
“The natural instinct is to click on the link, but it hides a mini programme that is in fact asking you to click on it to allow access to your account. A second way is for people to use personal information about you that you have revealed publicly, such as your children’s or spouse’s name, or a nickname, to guess your password.
“It’s hit and miss, but sooner or later they get into someone’s account that way. Finally, they try out the most common passwords in the world, like ‘12345678’ and ‘password’, with that very commonality meaning they will find accounts using these.”
Goldstuck offered the following tips to protect online passwords.
“Firstly, never click on a strange or obscure link. If someone tells you to click on something but won’t tell you what’s behind it, be suspicious. Second, choose a strong password. The test for a weak password is simple: will someone else be able to guess my password randomly?”