Safe Social Networking During the Holidays
Author: Esther Silver
Associated Services: IT Security Outreach and Training
Social networking is a fun way to stay connected to friends and family and keep in touch with people you rarely see in person, especially around the holidays. However, the FTC recently reported that since 2021 one in four people who reported losing money to fraud said it all began on social media. The FTC went on to say, “Reported losses to scams on social media during the same period hit a staggering $2.7 billion, far higher than any other method of contact. And because the vast majority of frauds are not reported, this figure reflects just a small fraction of the public harm.” In addition, with the onslaught of artificial intelligence (AI), determining if ads are real has become increasingly difficult. For example, Tom Hanks recently warned the public about ads created with AI deep-fake technology that he did not authorize. Even worse, a new report from Check Point has uncovered the extent of fake ads plaguing social media platforms, particularly Facebook, in order to spread malware. The bad guys impersonate AI platforms like ChatGPT to get their hands on sensitive data. The message is clear: be careful while you are on social media platforms.
According to Robert Cialdini, Professor of Psychology and Marketing at the University of Arizona, “within the context of information security, social engineering uses people’s natural sociability to conduct malicious attacks against them in the real world or in cyber space.” He explains that people should look out for communications using the following tactics:
- Rapport/Physical Appearance: Pretending to be like you and/or have things in common with you. Don’t forget your information may be readily available on your social networking sites.
- Reciprocity: Sending you a gift knowing that most people will feel obligated to give something back. Beware of free gifts!
- Commitment and Consistency: Getting you to perform a small task in the hope that you will perform it again without as much scrutiny. Be very careful with “introductory offers.”
- Conformity: Making you think that everyone else has already taken the action. Don’t be a lemming!
- Authority: Pretending to be your boss or someone with extensive expertise. If an email from anyone, especially your boss, asks you to do something you wouldn’t normally do, question it!
- Scarcity: Pretending you will miss out on a wonderful opportunity if you don’t act quickly. Never act quickly! Slow down and scrutinize all communications.
As a healthcare organization, protecting patient privacy is paramount and there are rules that everyone must follow:
- Never share any patient information or patient photos on social networking sites
- Never post a personal opinion in a way where it might be confused with the official position of UCSF
- Never use the UCSF brand identity on any personal blog or social networking profile
- Never post any information that is proprietary to UCSF
Because of the recent geopolitical events, UCSF Communications has created UCSF’s Social Media Policies and Best Practices to further guide the UCSF community on conduct and best practices while using social media.
You can further protect yourself and UCSF by adhering to the following practices:
- Don’t give to charities who ask for money on social networking sites. If you plan to give to charities during the holiday season, note that most reputable charities do not ask for money online or over the phone.
- Don’t post anything confidential or potentially embarrassing about yourself. Remember: once posted, always posted. Even if you immediately delete a post, it can still appear or be retrieved.
- Be selective with friend requests and make sure your friends respect your privacy. Criminals can piece together your personal information to guess your passwords, answer password-reset challenge questions, hijack your account, or try to steal your identity.
- Use high security settings on all social networking sites. Look for headings such as "Edit My Profile", "Settings", or "Account Details" and check drop-down menus for detailed privacy settings. If you’re not sure how to do this for a particular site, use a search engine to learn how.
- Use multi-factor authentication, if available. Even if your credentials are compromised, your data would still be safe. According to a recent FBI presentation for the University of California, currently 99.99% of compromised accounts did not have multi-factor authentication.
- Use and maintain anti-virus software and a firewall. Protect yourself against viruses and malware that may steal or modify the data on your own computer and leave you vulnerable to data breaches.
- Install apps and other software from trusted sites only. And keep the software updated once it’s installed.
- Use long and strong passwords or passphrases for your social media accounts. Use a short sentence that’s easy to remember but hard to guess. We recommend at least 12 characters from at least 3 of 4 categories (uppercase, lowercase, numbers, symbols).
- Use a separate password for each of your social media accounts. If the bad guys get your user ID and password for one of your accounts, they cannot also compromise your other accounts.
- Understand there are risks in using networks you don't control, like public Wi-Fi. Make sure the site you are accessing uses an encrypted connection by looking for https vs http, and heed any warnings you get from your browser. Change advanced sharing settings and turn off file and printer sharing.
- Disable GPS and do not post information about your whereabouts. If the bad guys know you’re on vacation in Europe, they’re more likely to rob you.
- Review credit card and bank account statements to check for unauthorized charges. It’s best to do this as soon as you receive your statements. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
- Log in to your social networking sites frequently to make sure they have not been hacked. This is especially important if you use a particular site infrequently.
- Check to see if your email or phone number has been part of a data breach or your password is in common use. You can check this at the site Have I Been Pwned?
- Get rid of accounts that are not in use. If an account is closed, it is much less likely to be hacked.
Take the Safe and Secure Social Networking Quiz. Everyone who passes the quiz wins one entry in a drawing for one of six $50 Amazon gift cards.
- Owning Team: IT Security
Team Lead: Patrick Phelan