Login
What does a hacker want with your social media account? Plenty.
Hackers hijack social media accounts for several reasons. They’ll dupe the victim’s friends and followers with scams. They’ll flood feeds with misinformation. And they’ll steal all kinds of personal information—not to mention photos and chats in DMs. In all, a stolen social media account could lead to fraud, blackmail, and other crimes.
Yet you have a strong line of defense that can prevent it from happening to you: multi-factor authentication (MFA).
MFA goes by other names, such as two-factor authentication and two-step verification. Yet they all boost your account security in much the same way. They add an extra step or steps to the login process. Extra evidence to prove that you are, in fact, you. It’s in addition to the usual username/password combination, thus the “multi-factor” in multi-factor authentication.
Examples of MFA include:
With MFA, a hacker needs more than just your username and password to weasel their way into your account. They need that extra piece of evidence required by the login process, which is something only you should have.
This stands as a good reminder that you should never give out the information you use in your security questions—and to never share your one-time security codes with anyone. In fact, scammers cobble up all kinds of phishing scams to steal that information.
Major social media platforms offer MFA, although they might call it by other names. As you’ll see, several platforms call it “two-factor authentication.”
Given the way that interfaces and menus can vary and get updated over time, your best bet for setting up MFA on your social media accounts is to go right to the source. Social media platforms provide the latest step-by-step instructions in their help pages. A simple search for “multi-factor authentication” and the name of your social media platform should readily turn up results.
For quick reference, you can find the appropriate help pages for some of the most popular platforms here:
Another important reminder is to check the URL of the site you’re on to ensure it’s legitimate. Scammers set up all kinds of phony login and account pages to steal your info. Phishing scams like those are a topic all on their own. A great way you can learn to spot them is by giving our Phishing Scam Protection Guide a quick read. It’s part of our McAfee Safety Series, which covers a broad range of topics, from romance scams and digital privacy to online credit protection and ransomware.
In many ways, your social media account is an extension of yourself. It reflects your friendships, interests, likes, and conversations. Only you should have access to that. Putting MFA in place can help keep it that way.
More broadly, enabling MFA across every account that offers it is a smart security move as well. It places a major barrier in the way of would-be hackers who, somehow, in some way, have ended up with your username and password.
On the topic, ensure your social media accounts have strong, unique passwords in place. The one-two punch of strong, unique passwords and MFA will make hacking your account tougher still. Wondering what a strong, unique password looks like? Here’s a hint: a password with eight characters is less secure than you might think. With a quick read, you can create strong, unique passwords that are tough to crack.
Lastly, consider using comprehensive online protection software if you aren’t already. In addition to securing your devices from hacks and attacks, it can help protect your privacy and identity across your travels online—both on social media and off.
The post How to Protect Your Social Media Passwords from Hacks and Attacks appeared first on McAfee Blog.
Authored by: Vallabh Chole and Yerko Grbic
On July 23rd, 2023, Elon Musk announced that the social networking site, Twitter was rebranding as “X”. The news propelled Twitter and X to gain headlines and become the top trending topics on popular social media platforms.
Scammers pounced on this opportunity and started renaming various hacked YouTube and other social media accounts to “twitter-x” and “twitter fund” to promote scam links with new X branding.
Figure 1. Twitter-X-themed YouTube Live Stream by scammer
Figure 2. Twitter X Crypto Scam
This type of scam has been active for some time and uses an innovative approach to lure victims. To make this scam more authentic, attackers target famous Influencers with sponsorship emails that contain password-stealing malware as email attachments. When password stealer malware is executed, the influencer’s session cookies (unique access tokens) are stolen and uploaded to attacker-controlled systems.
Figure 3. Malware Flow Chart
After the influencer’s account has been compromised, the scammer starts to rename channels, in this case to “Twitter CEO” and then the scammers start to live stream an Elon Musk video on YouTube. They post web links for new scam sites in chat, and target YouTube accounts with a large number of subscribers. On other social media platforms, such as Instagram and Twitter, they use compromised accounts to follow users and post screenshots with captions, such as “Thanks Mr.Elon”. If we look for these terms on Instagram, we observe thousands of similar posts. Compromised accounts are also used to post videos for software/game applications, which are malware masquerading as legitimate software or games. These videos demonstrate how to download and execute files, which are common password-stealing malware, and distributed through compromised social media accounts.
McAfee+ provides all-in-one online protection for your identity, privacy, and security. With McAfee+, you’ll feel safer online because you’ll have the tools, guidance, and support to take the steps to be safer online. McAfee protects against these types of scam sites with Web Advisor protection that detects malicious websites.
Figure 4. McAfee WebAdvisor detection
Below is a detection heatmap for scam URL’s targeting twitter-x and promoting crypto scams.
Figure 5. Scam URL Detection Heatmap
Figure 6. Password stealer Heatmap
| Scam Site | Crypto Type | Wallet | |
| twitter-x[.]org | ETH | 0xB1706fc3671115432eC9a997F802aC79CD7f378a | |
| twitter-x[.]org | BTC | 1KtgaAjBETdcXiAdGsXJMePT4AEGWqtsug | |
| twitter-x[.]org | USDT | 0xB1706fc3671115432eC9a997F802aC79CD7f378a | |
| twitter-x[.]org | DOGE | DLCmD43eZ6hPxZVzc8C7eUL4w8TNrBMw9J |
The post Scammers Follow the Rebranding of Twitter to X, to Distribute Malware appeared first on McAfee Blog.
Happy World Social Media Day! Today’s a day about celebrating the life-long friendships you’ve made thanks to social media. Social media was invented to help users meet new people with shared interests, stay in touch, and learn more about world. Facebook, Twitter, Instagram, Reddit, TikTok, LinkedIn, and the trailblazing MySpace have all certainly succeeded in those aims.
This is the first World Social Media Day where artificial intelligence (AI) joins the party. AI has existed in many forms for decades, but it’s only recently that AI-powered apps and tools are available in the pockets and homes of just about everyone. ChatGPT, Voice.ai, DALL-E, and others are certainly fun to play with and can even speed up your workday.
While scrolling through hilarious videos and commenting on your friends’ life milestones are practically national pastimes, some people are making it their pastime to fill our favorite social media feeds with AI-generated content. Not all of it is malicious, but some AI-generated social media posts are scams.
Here are some examples of common AI-generated content that you’re likely to encounter on social media.
Have you scrolled through your video feed and come across voices that sound exactly like the current and former presidents? And are they playing video games together? Comic impersonators can be hilariously accurate with their copycatting, but the voice track to this video is spot on. This series of videos, created by TikToker Voretecks, uses AI voice generation to mimic presidential voices and pit them against each other to bring joy to their viewers.1 In this case, AI-generated voices are mostly harmless, since the videos are in jest. Context clues make it obvious that the presidents didn’t gather to hunt rogue machines together.
AI voice generation turns nefarious when it’s meant to trick people into thinking or acting a certain way. For example, an AI voiceover made it look like a candidate for Chicago mayor said something inflammatory that he never said.2 Fake news is likely to skyrocket with the fierce 2024 election on the horizon. Social media sites, especially Twitter, are an effective avenue for political saboteurs to spread their lies far and wide to discredit their opponent.
Finally, while it might not appear on your social media feed, scammers can use what you post on social media to impersonate your voice. According to McAfee’s Beware the Artificial Imposters Report, a scammer requires only three seconds of audio to clone your voice. From there, the scammer may reach out to your loved ones with extremely realistic phone calls to steal money or sensitive personal information. The report also found that of the people who lost money to an AI voice scam, 36% said they lost between $500 and $3,000.
To keep your voice out of the hands of scammers, perhaps be more mindful of the videos or audio clips you post publicly. Also, consider having a secret safe word with your friends and family that would stump any would-be scammer.
Deepfake, or the alteration of an existing photo or video of a real person that shows them doing something that never happened, is another tactic used by social media comedians and fake news spreaders alike. In the case of the former, one company founded their entire business upon deepfake. The company is most famous for its deepfakes of Tom Cruise, though it’s evolved into impersonating other celebrities, generative AI research, and translation.3
When you see videos or images on social media that seem odd, look for a disclaimer – either on the post itself or in the poster’s bio – about whether the poster used deepfake technology to create the content. A responsible social media user will alert their audiences when the content they post is AI generated.
Again, deepfake and other AI-altered images become malicious when they cause social media viewers to think or act a certain way. Fake news outlets may portray a political candidate doing something embarrassing to sway voters. Or an AI-altered image of animals in need may tug at the heartstrings of social media users and cause them to donate to a fake fundraiser. Deepfake challenges the saying “seeing is believing.”
ChatGPT is everyone’s favorite creativity booster and taskmaster for any writing chore. It is also the new best friend of social media bot accounts. Present on just about every social media platform, bot accounts spread spam, fake news, and bolster follower numbers. Bot accounts used to be easy to spot because their posts were unoriginal and poorly written. Now, with the AI-assisted creativity and excellent sentence-level composition of ChatGPT, bot accounts are sounding a lot more realistic. And the humans managing those hundreds of bot accounts can now create content more quickly than if they were writing each post themselves.
In general, be wary when anyone you don’t know comments on one of your posts or reaches out to you via direct message. If someone says you’ve won a prize but you don’t remember ever entering a contest, ignore it.
With the advent of mainstream AI, everyone should approach every social media post with skepticism. Be on the lookout for anything that seems amiss or too fantastical to be true. And before you share a news item with your following, conduct your own background research to assert that it’s true.
To protect or restore your identity should you fall for any social media scams, you can trust McAfee+. McAfee+ monitors your identity and credit to help you catch suspicious activity early. Also, you can feel secure in the $1 million in identity theft coverage and identity restoration services.
Social media is a fun way to pass the time, keep up with your friends, and learn something new. Don’t be afraid of AI on social media. Instead, laugh at the parodies, ignore and report the fake news, and enjoy social media confidently!
1Business Insider, “AI-generated audio of Joe Biden and Donald Trump trashtalking while gaming is taking over TikTok”
2The Hill, “The impending nightmare that AI poses for media, elections”
3Metaphysic, “Create generative AI video that looks real”
The post Be Mindful of These 3 AI Tricks on World Social Media Day appeared first on McAfee Blog.
It’s no secret that when it comes to social networks, teen preferences can change dramatically from year to year. That holds with Twitter. Even though the social network has seen a dip in use overall, Twitter has proven its staying power among certain communities, and that includes teens.
According to a 2022 Pew Center Study, 23 percent of teens online use Twitter (down from 33 percent in 2014-15). Because of Twitter’s loyal fanbase, it’s important for tweeting teens as well as parents, and caregivers to understand how to engage safely on the fast-moving platform.
Many teens love the public aspect of Twitter. They see it as a fun place to connect with friends and stay up to date on sports, school news, memes, online trends and challenges, and popular culture. However, because the platform’s brief, 140–280-word format is so distinct from other popular networks such as TikTok, YouTube, and Snapchat, the online etiquette and ground rules for engagement are also distinct.
As fun as Twitter content is to share and consume, the platform still comes with hidden risks (as do all social networks).
Here’s a guide to help your family understand safe Twitter use and still have fun on this unique social network.
This is likely one of the most important phrases you can convey to your child when it comes to using Twitter. Every word shared online can have positive or negative repercussions. Twitter’s fast-moving, ticker-like feed can tempt users to underestimate the impact of an impulsive, emotionally charged tweet. Words—digital words especially—can cause harm to the reputation of the person tweeting or to others.
For this reason, consider advising your kids to be extra careful when sharing their thoughts or opinions, retweeting others, or responding to others’ tweets. We all know too well that content shared carelessly or recklessly online can affect future college or career opportunities for years to come.
There’s little more important these days than protecting your family’s privacy. Every online risk can be traced to underestimating the magnitude of this single issue.
It’s never too early or too late to put the right tools in place to protect your family’s privacy online. While Twitter has privacy and reporting features designed to protect users, it’s wise to add a comprehensive identity and privacy protection solution to protect your family’s devices and networks.
Kids get comfortable with their online communities. This feeling of inclusion and belonging can lead to oversharing personal details. Discuss the importance of keeping personal details private online reminding your kids to never share their full name, address, phone number, or other identity or location-revealing details. This includes discerning posting photos that could include signage, school or workplace logos, and addresses. In addition, advise family members not to give away data just because there’s a blank. It’s wise to only share your birthday month and day and keep your birth year private.
When is the last time you reviewed social media account settings with your child? It’s possible that, over time, your child may have eased up on their settings. Privacy settings on Twitter are easy to understand and put in place. Your child’ can control their discoverability, set an account to be public or private, and protect their tweets from public search. It’s easy to filter out unwanted messages, limit messages from people you don’t follow, and limit who can see your Tweets or tag you in photos. It’s also possible to filter the topics you see.
Respecting others is foundational to engaging on any social network. This includes honoring the beliefs, cultures, traditions, opinions, and choices of others. Cyberbullying plays out in many ways on Twitter and one of those ways is by subtweeting. This vague form of posting is a form of digital gossip. Subtweeting is when one Twitter user posts a mocking or critical tweet that alludes to another Twitter user without directly mentioning their name. It can be cruel and harmful. Discuss the dangers of subtweeting along with the concept of empathy. Also, encourage your child to access the platform’s social media guidelines and know how to unfollow, block, and report cyberbullies on Twitter.
Maintaining a strong parent-child bond is essential to your child’s mental health and the first building block of establishing strong online habits. Has your child’s mood suddenly changed? Are they incessantly looking at their phone? Have their grades slipped? An online conflict, a risky situation, or some type of bullying may be the cause. You don’t have to hover over your child’s social feeds every day, but it’s important to stay involved in their daily life to support their mental health. If you do monitor their social networks, be sure to check the tone and intent of comments, captions, and replies. You will know bullying and subtweeting when you see it.
We love to quote Spiderman’s uncle Ben Parker and remind families that “with great power comes great responsibility” because it sums up technology ownership and social media engagement perfectly. The more time kids spend online, the more comfortable they can become and the more lapses in judgment can occur. Consider discussing (and repeating often) that social media isn’t a right, it’s a privilege that carries responsibility and consequences.
The FBI estimates there are approximately 500,000 predators active online each day and that they all have multiple profiles. Anonymous, catfish, and fake accounts abound online wooing even the savviest digital native into an unsafe situation. Engaging on any social network can expose kids to a wide array of possible dangers including scammers, catfishes, and predators. Scams and predator tactics continue to get more sophisticated. For this reason, it’s important to candidly talk about online predator awareness and the ever-evolving tactics bad actors will go to deceive minors online.
Twitter continues to attract tweens and teens who appreciate its brevity and breaking news. While navigating online safety and social media can be daunting for parents, it’s critical to stay engaged with your child and understand their digital life. By establishing an open flow of communication and regularly discussing privacy and appropriate online behavior, you can create a culture of openness in your family around important issues. We’re rooting for you!
The post How to Protect Your Family’s Privacy on Twitter: A Guide for Parents and Kids appeared first on McAfee Blog.
FreshRSS 