Being part of Angel Tan’s social network meant keeping up with the details of her daily life. Those in her network regularly receives updates of her daily grind and photos of her workout at the gym, her travels and vacations, the food she ate, her OOTDs and meet-ups with loved ones and friends. Angel was practically an open book on Facebook and Instagram.
But her social media habits quickly changed when a hacker broke into her Facebook account and made fraudulent purchases using her credit card last year. Hackers looked through Angel’s posts and found one she made over two years ago where she shared her excitement over getting her first credit card by taking and sharing a photo of it. Hackers were then able to use other personal information she had posted online to make purchases.
“It was a wakeup call. I didn’t know I was sharing too much on social media until that incident,” Angel shares. “Now, I learned that I should pause before I post,” she adds.
Angel is just one of the many social media users whose Facebook accounts have been compromised. Marlene Cruz also recently fell prey to a hacker, who accessed her information from her dormant Facebook account and created an Instagram handle using her personal details and photos. Some of Marlene’s photos and posts were publicly viewable, which made impersonating her much easier for hackers.
But unlike Angel, Marlene was quick to detect the intrusion and immediately put in place the necessary security measures to protect her real social media accounts before the breach could do any more damage. “I also warned my friends not to accept any request from any suspicious account,” Marlene says.
Cyber traps
Cybercriminals now more than ever are achieving greater degrees of success particularly on social networks because these are more accessible and offer a treasure trove of valuable data that are useful in gaining access to one’s bank account, email, or credit card information, observes Jonathan John B. Paz, Bank of the Philippine Islands (BPI)’s Data Protection Officer and Enterprise Information Security Officer.
Security experts say that cyber crime has risen unprecedentedly in the past few years, with global cost expected to reach $2 trillion by 2019—four times larger than the 2015 estimate of $500 billion.
Paz points out that most users of social media are unaware of scams and intrusive permissions on social networking sites that are disguised as spams, personality quizzes, and click-baits. Such malicious content is easier and more widely circulated, he explains, because people trust those sending these messages, their “friends” or “followers” of their social media accounts.
“Social media users who fall into these cyber traps are also those who are excessively eager to share things and information about themselves, those who are too trusting, and unaware of the dangers lurking on the Net,” Paz says.
He also says posting geotagged photos that indicate place of residence and work, snapshots of identification cards, boarding passes for vacations, and sharing details of one’s lifestyle—which implies wealth—makes social media users more attractive to hackers. For example, barcodes found on boarding passes contain a lot of private information, which anyone can access with basic barcode reading software available for free on most mobile phones. These barcodes can include your full name, arrival and departure airports, the airline you’re flying with, the flight record number and your frequent flyer number. Once someone has access to your account, they will be able to do anything from cancelling flight to changing personal information related to the account.
Revisiting cybersecurity habits
Paz enumerates three traits of social media users who are highly vulnerable to cyber security risks: security negligent, too much self-promotion, and need for instant gratification.
Security negligent users upload and download digital information and files while oblivious to viruses, spam or phishing attacks. These users also perform banking transactions online or through their smartphones without much regard for possible security breach.
People who overly promote themselves by regularly publishing personal content, their opinions, and their activities are the top lure for scammers and hackers. Such intimate information posted online give cyber criminals ammunition in terms of profiling insights that allow fraudsters not only to find ways to cash in on stolen bank accounts or credit card information but also for extortion and blackmail.
Lastly, those who crave instant gratification can easily fall for fraudulent schemes that promise instant rewards and prizes gained with very little effort.
These common traits of many Filipino social media users make them extra vulnerable and have contributed to the weak and fragile state of cyber security in the country. For all its fame as the world’s social networking capital—Filipinos clock in an average of four hours and 17 minutes a day on social media—the Philippines is currently 37th out of 193 countries in terms of cyber security preparedness, according to a recent global security index report.
The same report also tagged the country as the most vulnerable to cyber attacks in the Southeast Asian region and the 10th in the world in terms of falling prey to cyber criminals.
Paz says the country’s weak cyber security can also be attributed to the lack of information among Filipino internet users on the myriad ways culprits use social engineering to get information, such as hacking, phishing, email address impersonation, fake but hyper-realistic websites or piggy-backing on target entities’ social media campaigns.
Self-defense
To protect online privacy and strengthen cyber security, Paz advises social media users to remove or omit as much personal and sensitive information as they can from social networking sites. Securing one’s mobile phone, both physically and digitally, is also a must as it carries sensitive information—contact lists, location and browsing history, among others.
“Social media users should also avoid internet cafes for transactions, email and social media access to thwart cyber criminals from stealing their passwords and other secure information, which may result in account takeover, fraud and public ridicule,” he says.
To further fortify one’s online defenses, Paz also recommends using difficult and different passwords across multiple platforms and services—including online or mobile banking apps, and to stop using public or open Wi-Fi, which can easily be raided by hackers to steal or download personal files.
Most importantly, Paz says that we should be more prudent of the information we share online. These days, it’s a fairly common practice to find quizzes and shareable content in the form of memes, such as “your first pet’s name plus the shirt color you’re wearing is the name of your rock band name.” Random quizzes such as these are instantly shareable for a few laughs and likes from your friends, but sometimes, criminals can take advantage of our nature by getting you to share valuable private information, such as a post that went viral during the craze around Prince Harry and Meghan Markle’s marriage. The post asked social media users to share their grandparent’s name, their first pet, and the street that they grew up on to create their “Royal Guest name.” Many participated without realizing that those three bits of information were also answers to basic security questions when setting up a private account.
“There is no substitute for being very careful,” Paz adds. “Hackers can only be kept at bay by being one step ahead of them.”
By: Jonathan John B. Paz, Bank of the Philippine Islands (BPI)’s Data Protection Officer and Enterprise Information Security Officer.
Art by Kyle Alandy Amor
*names have been changed to protect their identities