The (Rotten) Gift that Keeps on Giving

Oh, Thanksgiving Day.

You probably get a warm and fuzzy feeling even before the sugar high hits your brain just thinking about the mashed potato and turkey-packed day. What you’re probably not thinking about is that first Thanksgiving Day back in 1621. There were Pilgrims and Native Americans, food and gifts. Don’t forget the gifts! The Native Americans gave the newbies their trade secrets for crop planting, fishing and hunting. And the Pilgrims gave the Native Americans smallpox.

Smallpox, the dreadful plague brought over on the Mayflower, wound up killing more than 90% of the Native American population within a few short years of its arrival on Plymouth Rock. Sure, today we don’t associate the big TD (Thanksgiving Day or Turkey Day, take your pick) with disease and death, but back then the Native Americans simply didn’t have the natural antibodies to protect them from the newbies’ foreign spores.

The “gift” of social media

Today, one thing that a whole lot of people are thankful for is social media. It connects the distant, it gives voice to the silent. It accelerates movements, and mostly, it entertains the bored. Every day, we bring it gifts in the form of comments, likes and shares. And it gives us gifts in return as well – feelings of validation from friends we have never met, and knowledge about things we have never known.

But another gift often received from our beloved platforms is malware.

Just like that first Thanksgiving, when Native Americans didn’t stand a chance against the superbug that piggybacked its way over the Atlantic, often we don’t stand a chance against malware on social media. Malware spreads like the plague because people are so accustomed to the open and sharing nature that our favorite escapes engender. But this casual attitude is a mistake. According to a report by security firm Symantec, hacks are “moving further away from email and into the social media landscape”. We know (well hopefully, anyway) to be exceedingly careful when it comes to keeping away from shady emails. But how careful are we really on social media?

Social media presents hackers and scammers with a low-cost, high-yield way to do a whole lot of damage at once. As long as people continue to use social media with the cognitive abilities of somebody who is asleep (or is experiencing the aforementioned sugar surge and drop), don’t expect this arena to shrink any time soon. Let’s look at some of the ways hackers might be using your favorite social media platform to bestow malware upon your devices:

Shortened link malware: Character real estate is at a premium on Twitter and typical URLs are a space killer. URLs shortened with a link shortener take the place of meandering ones, but once links have been shortened, they bear no resemblance to their original form, so you can’t tell where one leads before you click it. Hackers know this and make their own malicious URLs that lead to malware, posing as legit ones. They publish articles with the ludicrous links and wait for unsuspecting victims to click them.

Fake messages: This past July, 10,000 Facebook users installed malware after they received “a message from a friend”. Clicking on the link installed a trojan that automatically hacked the victim’s Facebook account. Hackers were granted access to privacy settings and data and, most shocking of all, the trojan blacklisted any anti-virus programs to make itself harder to locate and remove.

Click bait: Didja read the one about “The top 12 signs that you might have turkey poisoning”? Or how about the “Celebs who only eat pumpkin pie and gravy all year long” one? Welcome to clickbait at its finest, a trend that Facebook hates because it moves readers off to other sites. More worryingly though, clickbait links often harbor malware or lead to sites that scan devices for security vulnerabilities. Once they find a weakness, they exploit it with trojans or zero-day exploits.

Hashtag hijacking: #turkeyday #thanksgiving #celebrate #stuffing. Sure, hashtags are a great way to get your tweets seen by more people, but they can also be used against you. Back when the World Cup was a trending topic on the twitter-o-sphere in 2014, a group of ISIS supporters hijacked hashtags associated with British soccer (or football if you’re from the other side of the Pond) clubs. Inserting pro-terror videos within the hashtags, they sought to recruit new members with an interest in social media. The same principle is used to distribute spam or malicious links, so stay aware.

Images laden with malware: Just yesterday, a new malware distribution method made its way onto Facebook Messenger – via images stuffed full with Locky ransomware. By embedding JavaScript into SVG image files, hackers were able to direct victims to a YouTube lookalike page that prompted them to install a fake Chrome extension to play videos. What it was really doing was installing Locky, which has become a hacker favorite over the last year.
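For defenders, one way to spot the SVG trick described above is to check an image file for active content before it is rendered. The sketch below is an added example, not code from the original post or from any product it mentions; the sample SVGs and the function name `find_active_content` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples for this example only; the script body is a placeholder.
SAMPLE_ACTIVE_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">
  <circle cx="10" cy="10" r="5"/>
  <script type="text/javascript">/* placeholder script body */</script>
  <a xlink:href="javascript:void(0)"><text>play</text></a>
</svg>"""
SAMPLE_PLAIN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><rect width="9" height="9"/></svg>'

# Elements that can run or load code when the SVG is opened in a browser.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}

def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tag/attribute names."""
    return name.rsplit("}", 1)[-1].lower()

def find_active_content(svg_text):
    """Return a list of findings; an empty list means no active content was seen."""
    # A plain image needs no DTD or entities. Refuse them instead of expanding
    # them (a hardened parser such as defusedxml is the better choice in production).
    if "<!DOCTYPE" in svg_text.upper() or "<!ENTITY" in svg_text.upper():
        return ["DOCTYPE/ENTITY declaration present: refusing to parse"]
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = local(attr)
            compact = "".join(value.split()).lower()  # defeat whitespace padding
            if name.startswith("on"):                  # onload, onclick, ...
                findings.append(f"event handler '{name}' on <{tag}>")
            elif name in ("href", "src") and compact.startswith(("javascript:", "data:text/html")):
                findings.append(f"script-capable URL in '{name}' on <{tag}>")
    return findings
```

Anything this returns for a file that claims to be a picture is a reason to block or quarantine it; a genuine image has no need for scripts, event handlers or `javascript:` links.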

Thanks…but no thanks

Keeping social media’s “gifts” away shouldn’t really be all that difficult if people would just follow some “should be obvious” rules:
- Don’t friend people you don’t know
- Don’t click shady links and do resist click bait
- Make sure to configure privacy settings the way you want them
- Use your head at all times!!

Now shut off your devices and enjoy the rest of Thanksgiving Day. Meanwhile, be grateful that you, unlike the unfortunate Native Americans of 1621, have the tools and the knowledge you need to protect yourself and the people you love from unwanted gifts.

P.S. To say “thanks” to all our readers, we are having an RCS Thanksgiving Day blowout sale. Use the coupon to take 60 percent off your RCS subscription – you’ll be “thank”ful you did!
