While billions of people use social media every day to tell the world what they had for breakfast, popular channels like Facebook are increasingly being used by criminals to gain access to personal data that can wreak havoc socially and financially.

Just how prevalent the problem is in New Zealand is unknown. There is general awareness that social media accounts get hacked – we all know someone who’s run into strife – but as social media hacking isn’t widely reported, it’s an unknown quantity. But the team at CERT NZ have heard enough stories to paint a picture of a social media scenario all Kiwi users need to be aware of.

Picture Julian. He enjoys using social media to connect with friends and family and although his posts are private, he keeps his friends list, likes, and schools publicly available so old friends can find him.

Julian can’t imagine that anyone other than those who know him would be interested in his life. Little does he know that an attacker in another country is eying up Julian’s page, and determinedly noting his likes, favourites and personal interests to see what other services he uses. Our astute attacker has identified that Julian uses Trade Me, banks with ANZ, shops through Paypal, through the pages he’s liked on Facebook, and his personal info shows he went to Wellington College and has a Burmese cat.

Because Julian hasn’t taken care to create an obscure, long password, the attacker manages to reset Julian’s password by guessing the security questions to his Facebook account, based on information Julian didn’t make private. The attacker now has access to Julian’s account and has changed the password to lock him out.

Julian receives a message demanding ransom money to get his account back. Outrageous! To make matters worse, he then discovers his Paypal account has been hacked and strange purchases are showing up in his bank account.

While this might sound far-fetched, it happens. Poor Julian! To make sure it’s not poor you, take these steps to safeguard your social media accounts.

Keep your private life private

  • Set the privacy controls on your social media accounts so only friends and family can see your full details.
  • Don’t put too much personal information out there.
  • If you share pictures of your dog, make sure you’re not also using your dog’s name as your password.
  • Don’t access your social media accounts on public computers or let browsers remember your login details.
  • Update your password to one that’s long and strong, and enable two-factor authentication on all your social media accounts.

For more tips on stepping up your cyber security, go to www.cert.govt.nz/cybersmart