Today, many of us have an active online life. And we spend a lot of time on platforms such as Facebook, Instagram and Twitter. But are you confident in your social media security? And do you know exactly how much of your data is being collected, by who, and for what purpose? Our data protection experts examine how social media could put you at risk.
Are you susceptible to social media fraud?
Cybercriminals are targeting people’s social media accounts in a bid to steal money and personal details. According to one report, a staggering 53% of all logins on social media websites are fraudulent, and 25% of all new accounts are fake[1].
It is vital be vigilant about the data we share online. For example, simply revealing that you are away on holiday could make you the target of burglary. Likewise, sharing data such as your date of birth, your mother’s maiden name, or the name of your first pet, could be used by cybercriminals to gain access to your online accounts. Answering a “what is your superhero/pop star/period drama name” question often reveals the answers to the most common security questions used by banks etc.
In another type of scam, a Facebook user received a message from a friend on Facebook claiming he was having trouble with his PayPal account. The friend asked if he would accept some eBay payments on his behalf and then send the money on to him. While many of us might be suspicious if we were asked to give money to someone, most people are far less likely to worry about receiving cash. He accepted two payments and sent them on to the bank details provided. However, as soon as the money left his account, he got a message from PayPal saying that the payments he received were fraudulent and were being reversed. This left the unwitting victim £300 out-of-pocket. To make matters worse, PayPal took no responsibility for the stolen money.
Is your data been exploited for political purposes?
There are two main concerns over how social media may be damaging our democracy:
- Deceptive advertisements and political misinformation are being used to mislead voters.
- People are being targeted using their private data to manipulate their voting behaviour.
The combination of these two tactics is especially worrying.
“People find messages to be more believable the more familiar those messages are, suggesting that repeated contact with falsehoods shared online will encourage their acceptance. More importantly, people are prone to believe messages that affirm their political viewpoint or identity regardless of the strength of the evidence, which suggests that partisan falsehoods are particularly likely to take root.”
Social media’s contribution to political misperceptions in U.S. Presidential elections, R. Kelly Garrett[2]
The Cambridge Analytical scandal
In 2018, an explosive expose published in The Guardian and The New York Times reported that millions of Facebook profiles were harvested for Cambridge Analytica in a major data privacy scandal. The reports came to light after a whistle-blower revealed how Facebook data was harvested to target American voters on behalf of Donald Trump’s election team. This personal information was taken without authorisation. Concerns over social media security and illegally acquired data were also raised in relation to the EU referendum result.
In response to the widely publicised scandal, both the Electoral Commission and the Information Commissioner’s Office launched investigations into the activities of Facebook. But the ICO had wider concerns than this one data breach. A statement by the Information Commissioner said:
“It’s part of our ongoing investigation into the use of data analytics for political purposes which was launched to consider how political parties and campaigns, data analytics companies and social media platforms in the UK are using and analysing people’s personal information to micro target voters.
“It is important that the public are fully aware of how information is used and shared in modern political campaigns and the potential impact on their privacy.”
Facebook eventually paid a £500,000 fine for this data breach (although it made no admission of liability). But the controversy over how social media is used politically is far from over.
In November 2019, in the run-up to a general election, the ICO wrote to all political parties reminding them to adhere to data protection laws due to ongoing concerns over how data analysis is being used for political purposes. Following this, in March 2021, the ICO launched guidance on the use of personal data in political campaigning to support campaigners through future elections.
How secure are your private conversations?
Most of us know to be careful about the things we post on social media, but did you know that your private conversations might not be as confidential as you think?
In 2019, Facebook admitted that it had been listening in on some users’ conversations. These messages were audio messages that users exchanged via its Messenger app. In its defence, the social media giant said that all the other tech companies were doing it too. And this certainly appears to be the case with Amazon, Apple, Google, and Microsoft all capturing and listening to audio from various users’ devices (all the companies who were pulled-up over such social media security practices said that the data was stripped of identifying information and was only used to improve their products).
Is the government listening?
The government is also keen to get access to our private messages. The current Home Secretary Priti Patel has said that the government should be allowed to read people’s WhatsApp messages to tackle crime. However, when talking about introducing laws to build back doors into end-to-end encrypted messaging services, this could make social media security less safe. Robert Hannigan, a former head of GCHQ, has said previously that such moves would amount to “weakening security for everybody to tackle a minority”. He added, “Encryption is an overwhelmingly good thing – it keeps us all safe and secure”.
Could a lack of social media security hurt your career or education?
Research has found that job recruiters are profiling social media profiles. And what they find could have an impact on your career prospects. According to one report[3], job recruiters are less likely to select candidates who:
- Appear to be too self-involved or opinionated in their social media posts
- Post content suggestive of drug or alcohol use.
“In 2018, 70% of employers reported looking at social media sites to help them evaluate potential employees, and almost that many — 60% — eliminated candidates on the basis of negative content”.
Michael Tews, associate professor of hospitality management, Penn State
Similarly, another survey[4] found that 36% of admissions officers viewed applicants’ social media profiles – and that percentage is rising year-on-year. These reports focused on recruiters in the US, but there is little doubt that the same is happening here in the UK.
The problem with memes and social media security
Even seemingly innocent memes could be exploited and used against you. For example, sharing then-and-now pictures could have significant consequences when you consider the potential of facial recognition software. Writing in Wired, Kate O’Neil argued that:
“Like most emerging technology, there’s a chance of fraught consequences. Age progression could someday factor into insurance assessment and health care. For example, if you seem to be aging faster than your cohorts, perhaps you’re not a very good insurance risk. You may pay more or be denied coverage.”
How to avoid data breaches on social media
Here are some quick tips to keep you safe on social media.
- When signing up for any new service, check the small print and make sure you understand how your data is being used
- Don’t assume a message is authentic. Just because someone knows some personal information about you (i.e. your address, mother’s maiden name etc.), that doesn’t mean they are genuine
- Don’t accept friend requests from people you don’t know
- Be careful about what you share online (e.g. avoid answering questions like “what was your mother’s maiden name” and “what was the name of your first pet”. Even if they seem to be part of a harmless quiz or post)
- Remove location data from your posts
- Use a different password for all your accounts
- Use two-factor authentication
- Check the privacy settings of all your accounts
- Don’t download suspicious apps
- Think twice before clicking on any links
- Read the T&Cs of any games or apps you want to use
- Always check with friends (offline) if they ask you to send money or do anything you are unsure about
- Keep an eye out for fraudsters looking to gather personal information about you
- Beware of romantic scammers and never give money to people you don’t know in real life
- If something doesn’t feel right listen to your instincts
- If you’re worried that you may be at risk, report it to your bank, the Police or Action Fraud straight away.
If you have been the victim of a social media data breach, or if you are concerned that social media has breached your GDPR rights, contact us to find out how we can help. Our initial advice is completely free, and there is no obligation to process.
[1] Arkose Labs
[2] https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0213500
[3] Penn State
[4] Kaplan Test Prep
