How to stay Social Media Secure
Signs of a Compromise
If you log in to one of your social media accounts and notice posts, photos or direct messages that were definitely not posted or sent by you, or you receive an alert that your account password has been changed without your knowledge, your account has most likely been compromised.
What to do next
- Step 1: Change your password right away.
- Step 2: Notify your contacts that your account may have been compromised
- This will prevent them from clicking on anything suspicious that appears to be coming from you that might contain malware or be a phishing attempt.
- Step 3: Flag messages sent from your account not posted by you as scams to the social media site, and delete them from your profile page.
- Step 4: Review whether your account includes personal information that could be used to steal your identity or guess your security questions on other accounts.
- Date of birth
- Names of family members and pets
- Step 5: Consider whether the password for the compromised account is being used on any of your other accounts.
- Criminals will try your email address and known password on a range of accounts and websites to see if they can log in as you. This includes online shopping applications and banking sites.
- Step 6: Review if there are any applications or games installed on your device that you didn’t download. If found, delete them immediately.
- Step 7: Check your email and your online bank account/credit cards for any indication of purchases made without your knowledge. If found, change the passwords associated with these (each password should be unique and complex) and report any transactions to the fraud department of your financial institution.
Take these preventative measures to protect yourself
There are steps you can take to avoid having to deal with a compromised account altogether. Make it a practice to follow these steps when using all forms of social media to protect your accounts and your personal information:
- Where possible, access your account through your website browser, versus downloading the app on your mobile device.
- Do not click on suspicious messages or links, even if they appear to be posted by someone you know.
- If you get a “Friend Request” from someone you think you are already friends with then think, don’t click.
- Check your social media account for that friend
- If you are still connected to that friend then you can assume that the new request is a scam
- Report the scam and notify your friend that someone is impersonating them
- Flag any posts or messages that appear to be scams.
- Use a unique and complex password for all your accounts.
- Using a password generator can help you create strong passwords and will securely store them for you so you don’t have to remember them on your own.
- Do not log in to your accounts while using public Wi-Fi
- Avoid posting any personal details about yourself that can be used to guess answers to your stored security questions.
- Ensure password reset email addresses are pointed back to accounts where compromise might be detected (ideally your @ubc.ca account).
- Remain educated and stay up-to-date on the latest scams and malware threats by subscribing to the UBC Cybersecurity Confidential Communications website.
- Enable multi-factor authentication on all of your social media accounts
Go even further...
For a much more in-depth look at information security:Learn how to create a strong password and keep it secure
Learn about Enhanced CWL (added protection with Multi-factor Authentication)
Learn Privacy and Information Security tips when working on or off campus