Over 13% of the world population is on social network and the number keeps growing exponentially. Those who do not own an account on Facebook or Twitter are now being viewed as those living in prehistoric times.
No doubt, social media is wonderful in helping you stay connected with friends, but the sheer popularity of social media attracts the attention of cyber criminals looking for ways to harvest identities. Recent surveys by IT security analysts clearly indicate that social media is fast emerging the most convenient platform for malware delivery by hackers. Clickjacking, phishing, identity sniffing are all continuing unabated and are growing at a faster pace. Despite untiring awareness campaigns by the social media giants, even tech-savvy users are falling prey to attacks perpetrated through the social media.
With the proliferation of online applications, users find it hard to remember passwords and follow the easy way of using the same password for all the accounts like-social media, banking, brokerage, and other business accounts. This single master-key practice makes the hackers doubly happy. Their job gets greatly simplified. Identity theft at one place leads to compromises at numerous other places. In all probability, hackers would be able to easily gain access to other online accounts too.
Cyber criminals find perpetrating attacks on social media very easy. Just consider these scenarios:
So, when security incidents happen at one of the places/sites, you should essentially reset the passwords of all other online accounts too. But, before you could do that, you should have the list of all online applications in which you own an account!
Making things worse, of late there seems to be a change in the modus-operandi of hackers and they are not relying only on the the traditional attack patterns anymore. Cyber criminals are increasingly targeting the login credentials of employees and administrative passwords of IT resources, using a number of techniques like spam and phishing emails, keystroke loggers, and Remote Access Trojans (RAT).
Once the login credentials of an employee or an administrative password of a sensitive IT resource is compromised, the institution will become a paradise for the hacker. The criminal is then able to initiate unauthorized wire transfers, view the transactions of customers, download customer information or carry out sabotage.
In addition, just as it happened with LinkedIn last year where over 6.46 mn hashed passwords were stolen, hackers are eyeing on stealing identities in a big way. The situation becomes much graver if a stolen password has also been used to access a variety of applications and websites.
There is no magic wand: Use a unique password for every site.