Social media is great for both marketers and consumers, as it allows them to share information rapidly in the online world. But there are also a few security vulnerabilities that networks need to address quickly and users need to be aware of.
Ever been in a Facebook group and seen a “spammy” type post made by a member that seemed completely unrelated to the topic? Usually, these are advertisements for clothing and accessories. Sometimes, hacked accounts are used to post spam either manually or more often through the help of automated tools. Sometimes, rogue apps are used which will then make posts on the user’s behalf to their friends walls as well as to groups that they belong to.
Facebook isn’t the only site that has had problems. In June, a security expert has reported a XSS (cross site scripting) vulnerability on the popular social blogging service called Tumblr. It allowed a malicious user to insert code into a post that would then execute scripts or HTML when loaded by another user. This made it possible to load external sites without the user clicking on them, facilitating spam type posts, or allowing for the delivery of malware. Tumblr has since addressed the issue and closed the security hole.
Facebook has taken steps to step up its security and prevent common types of spam, as evidenced by them removing millions of fake accounts a few weeks ago. Action to remove some of the rogue apps has also been taken, helping make the social network a safer place. However, these security threats aren’t expected to be completely gone anytime soon.
There are things that users need to be aware of to protect themselves. The first thing is that if something sounds too good to be true, then it probably is. There is NO app which lets you see who visited your profile, there has never been, nor will they probably ever be one. Therefore, if you install an app that claims to do this on your Facebook profile, it is a rogue app that will simply end up spamming your and your friends news feeds with unwanted advertisements. Also, there are no giveaways of high priced products. Apple will not give you a free iPhone just because you installed a certain app on your profile. You will also not receive free Beats by Dr. Dre headphones simply because you liked a certain page, but you’ll simply end up receiving spam.
Keeping your PC secure is also another way to counter many threats like cross site scripting. As much of the malicious code is executed by Java, disabling it in your browser add ons is a good idea. If you ever need to visit a legitimate site that has a Java applet (these are getting rare anyways), you can manually re-enable it at that time. Installing an anti-malware program like AVG Free that scans all web sites that you visit is also a good idea to stay safe online.
