A tale from social media hell:
A few months ago, a friend of mine received a very embarrassing call from a work colleague. The colleague was asking about an “invite” that my friend had sent her via LinkedIn and wanted to know more about the event.
The only problem was, while my friend was indeed planning a very small work-related event, she had only sent a few emails out, and this person calling was not among the invited guests. All of a sudden, she had a dilemma: Was she supposed to admit to her colleague that her LinkedIn account had been hacked and had been sending out fake emails, or that her colleague was not invited? (She finally told a white lie and said that the event had been cancelled.)
My friend took the immediate step of turning on what is known as “two-step verification.” This is a process available on many sites and social media platforms whereby it takes, well, two-steps to log-in.
- First, you give your username and password, and then
- You are sent, via text or email, a verification code to input
The process is a bit cumbersome, sure, but it also is an essential step if you do not want your accounts hacked.
You have undoubtedly seen this problem many times, it may have even happened to you. Typically, you will receive an email or call from someone who knows you, suspicious and asking if you really did send that odd email, or inquiring if you knew that one of your social media accounts has a lot of unusual posts.
And while yes, this is embarrassing, for a business the danger is even more stark: Social media hacking can ruin your hard-won brand. Consider what happened to McDonald’s recently, according to USA TODAY:
“A McDonald’s Twitter account tweeted Thursday at President Trump, saying he was a “disgusting excuse of a President.” The tweet also said that it would love to have Barack Obama back and that Trump has tiny hands.”
The problem was, it was fake tweet.
“According to McDonald’s spokeswoman Becca Hary, the fast food giant’s Twitter account was hacked. “Twitter notified us that our account was compromised. We deleted the tweet, secured our account and are now investigating this.””
How can this happen? The way these schemes usually work is that you receive an innocuous request from someone, asking you to click a link (for example, “Someone from the class of 1998 is looking for you, click here to see who asked about you!”). You do, and the site you end up on looks normal, but isn’t, it’s infected with malware. Simply by logging onto it (or worse, logging in for whatever reason), the malware is transferred onto your computer. The malware might be, for example
- Key logging software that records you keystrokes. This allows cybercriminals to learn your passwords and then login to your social media accounts — or even your bank.
- Software that sends out fake social media messages as if it were you.
So how can you protect yourself and your business? Step one is to do what my colleague did and turn on two-step verification. Second, and you know this one, change your passwords every few months. Third, be sure to have anti-virus software installed on your system. Fourth, institute policies and educate employees about Internet safety.
Finally, if you don’t already, be sure to monitor your social media output. After all, you certainly don’t want your tribe thinking that you are suddenly now offering a “Miracle Weight Loss Cure!”
© 2017 The Strauss Group, Inc.