Human beings are social animals. We like to stay connected with friends, family and even workmates via social media. It is very rare to come across someone that does not have some sort of online presence. We share photos of what we just had for lunch, videos of beautiful vacations or even just a status update on how bored we are today. There is really no limit to what we can post.

Just because we can post it however, does that mean we really should? Malicious hackers lurk around every corner of the internet. If we are not careful in what we share online, it can open us up to dangerous situations and of course, dangerous people. So how can we be “social network smart” in an age that relies so heavily on it? This article will point out a few ways we can do so.

Avoid Oversharing

The truth is social media is a buffet of information for a potential malicious hacker. If given a wide variety of options, a predator can easily compile enough information to find our location or learn the best way to contact us. They may even discover enough to impersonate us!

In Hollywood, you may have seen the use of social media to locate a suspect in a police investigation. They may scan their recent posts and build a timeline of where they have been, locating where they work, or finding their motive for a crime. In heist movies, you may have seen the thieves use social media to find a post by a security guard with his badge in frame. These methods of investigation are not just pure fiction by any means. In the world we live in, they can be easily used by anyone.

That being said, when it comes to social media, a hacker only has access to what we put out there. By not oversharing, we can limit the amount of information an attacker may have at their disposal. Here are some things we should steer clear of sharing on social media:

Addresses
Phone numbers
Personal or work email addresses
School or work locations
Job role
Sensitive credentials (such as usernames or even passwords)
Financial information or status
Current location

Always remember… once posted, always posted. This saying not only applies to protecting our reputation online, but also to protecting our sensitive information and data. Once our sensitive data appears online, it is already too late to get it back.

Adjust Your Privacy Settings

You are likely familiar with the ability to set your account to Private. This may be the most obvious method of protecting ourselves, but it is still very effective. By changing our account so it is only viewable to friends and people we approve, it significantly lowers the chances of a hacker learning more about us.

Bear in mind, this does not mean we can just become lax in the things we post on our private account. We should still steer clear of posting sensitive information we stated in the above section. Doing so would protect us even if our friends’ accounts were hacked. This is why it is paramount that we remain mindful of what we share to ensure our safety.

Beware of Geotagging

Have you heard of geotagging before? This is one aspect of personal privacy on social media that many may not be aware of. Geotagging is the insertion of latitude and longitude data into a file or document. This is commonly found in digital photos in the same way that they may be encoded with the time and date they were taken. In fact, 82% of all digital data generated today contains some form of geotag. This data found in the pictures we post allows anyone to see where you are, where you were, and where you are not at any given time. A scary thought, wouldn’t you agree?

Social media relies heavily on the use of geotagging. When installing your social media app of choice, you were likely met with a message asking “Allow {Application} to access your location?”. By agreeing to features like this, we are allowing any photos taken with the app to be automatically encoded with geolocation data. Be aware though, you may not always be asked if you want to share your location data. In fact, many devices from Androids to iPhones come with geotagging automatically enabled! Your phone may be sharing this data without you even realizing it.

How to Prevent GeoTagging

Each phone may vary, but you can usually check if geotagging is enabled by navigating to your “Settings” app. This feature will usually be tucked away under “Privacy” and “Location Services”. Once accessed, you should then be able to tweak the settings under each installed application you have on your phone. (For some this also includes the stock Camera that comes with your phone by default!) Often the feature you are looking to disable will say something along the lines of:

Precise location
Location tags
Allow location access
Include GPS location

This Guide breaks down how to disable location services altogether or only for certain apps. The latter will help you keep location services for important apps such as GPS Maps, etc.

Never Let Your Guard Down

It is important to always keep a safety-first mentality when navigating the internet. When on social media, sometimes we can become comfortable. This isn’t necessarily a bad thing, as social media has a lot of positive features and is meant for us to enjoy and connect. That being said, we still need to be mindful of what we put out there and with whom.

As a Human Risk Analyst who has performed OSINT work for our clients, I have seen firsthand how much information can be obtained on a target using their social media account. Sometimes I find it scary just how much of a gold mine it can be, which is why I stress the importance of the tips mentioned above. If we follow them, we will be on our way to improving our own personal security.

Written by: Josten Peña

Images:
https://images.unsplash.com/photo-1622929611233-bd6d58cbd4dd?ixlib=rb-1.2.1&ixid=MnwxMjA3fDB8MHxwaG90by1wYWdlfHx8fGVufDB8fHx8&auto=format&fit=crop&w=1471&q=80
https://www.gizmodo.com.au/wp-content/uploads/sites/2/2017/04/03/bsbf4ad776457zxuvl4r.jpg?quality=80&resize=1280,720 

This entry was posted in Uncategorized and tagged .

Leave a Reply

Your email address will not be published. Required fields are marked *