Thursday, 14 July 2016

Social Media: A hunting ground for cybercriminals

Do you ever hesitate to click on a post shared by a friend on Facebook? Not because it's a boring picture of their dinner, but because you're suspicious it might not actually have been posted by them?


The interconnectivity of social media means it is a perfect hunting ground for illegal activity, and increasingly people are realising that their "friend" may not actually be their friend.
Cybercrime on social networks can be broken down into three categories:


  • the traditional broad-sweep scams, trying to lure you to click on something or visit pages that will push malware on to your computer
  • searching for careless public exposure of personal data
  • using social media as a platform to connect, exchange ideas and trade stolen information

Malware, scams and ransomware

The first category is the most widespread.
"The problem with social media is that people have an inherent trust," explains Mark James, security specialist with IT security firm ESET. "And that is what is being tapped into by those cybercriminals."
"People still believe that you have to click on something and download a file to be infected," he says.
"This really isn't the case anymore. There are things like drive-by-downloads, infected adverts and things like that. It's very easy to be compromised on your machines."
In many cases the initial malware is just a gateway into the system. It doesn't do any real harm, yet. But once a back door is established to the infected computer, that access may then be put up for sale.
A package of data, offering access to thousands of infected computers, will be snapped up by another criminal for use in a variety of ways.
Having obtained access to the computers, criminals may then install software which, say, hijacks the victim's online banking, or reads usernames and passwords.
One of the most profitable scams is installing ransomware, malicious software that encrypts the data on a victim's computer and then asks for payment before restoring the system to its original state.

Reconnaissance

Social media is also an ideal hunting ground for anyone who has a clear target to attack, be it an individual or a company.
If you want to see who works in which company and in which position, or who they are friends with professionally and privately, this information can often be easily picked up on social media.
Any attack on a specific individual will be much easier if the target has made a lot of private information publicly available on their profiles.

Putting up defences

"Our only effective protection is a multilayered approach," Mr James of ESET explains. "There's no single protection anymore, there's no magic bullet or single piece of software that's going to protect us."

While security software is important, it's only a first step. It is a cat and mouse game where the bad guys produce the malware and the good guys try to produce the means to stop it.

Trading the booty

Social media, though, is not just an arena where criminals can steal information. It is also used for trading compromised data.
"Anybody is just two clicks away from finding compromised financial data in social media," says Gabriel Guzman, head of cyber intelligence at RSA, the security division of tech firm EMC.
"Information is easily accessible - and a massive amount of criminals are in fact doing this out of their own real profiles."