Carnegie Mellon University

Spooky Social Media Cyber Threats

October 23, 2019

Social media has changed the way we live our lives, from the way we get our news to the way we interact with friends and family. Social media is everywhere and it’s here to stay. However, because social media is so easy to use, most people let their guard down when it comes to cybersecurity, which can come back to haunt them in the future in a number of different ways.

Cybersecurity threats can be scary and even downright frightful when you don’t know what to look for. This Halloween, the Information Security Office wants to make sure that, unlike the characters in your favorite horror movie, you are prepared to defend yourself against these types of spooky cyber threats before it’s too late!

Oversharing Can Lead to Double, Double, Toil, and Trouble 

Bad actors use social media as a research tool, seeking identity information with nefarious intentions such as identity theft, fraud, impersonation, intimidation, or crafting a spear phishing attack. The more information a bad actor has about you, the more susceptible you are to a cyber-attack.

Be cautious when enabling geotagging features on social media networks. Sharing your location risks identity theft and even your physical safety. Once a location is tagged and posted, all data associated with that post becomes publicly accessible. Careless use of social media can even expose you to home invasions, since you are basically telling strangers exactly when you are not going to be home.


  • Never share any personal information on social media such as birth dates, addresses, location, phone number, email, financial information, job information, and sensitive photos.
  • Use custom privacy settings and review them regularly. Many social media sites provide settings that allow you to restrict public access to your profile. Additionally, you can filter what is posted about you and by whom by requiring permission before posts become visible. These settings change often, so make sure to periodically review and update as necessary. 
  • Understand Hashtags. Hashtags (#) are a popular way to provide commentary or tag specific pictures. In many cases, when you apply a hashtag to a post that is otherwise private, anyone who searches for that hashtag can see the post. 
  • Be mindful of your security question answers. If the answer to your security questions can easily be found on social media or with a quick Internet search, then your account is susceptible to a cyber-attack. Instead, use challenging security questions or make up the answers for your security questions that only you know. Who else would know that the make of your first car was a broomstick? 

Don't Be Tricked into Giving a Cybercriminal a Treat

Phishing schemes are nasty tricks in which a cybercriminal poses as someone else in order to trick the recipient into providing credentials, documents, credit card numbers, and other personal information. The information that users post on social media can be used to craft a targeted phishing email containing a malicious link.

While most malware hides inside email attachments and download links, it can also be spread through social media via shortened URLs, or even be inserted into a social media ad. Once clicked, the malware can act like a ghost in your network and steal as much data on your computer as possible without leaving a trace of footsteps behind.


  • Be wary of others. Most social networking sites do not have a rigorous process to verify the identity of their users. Always be cautious when accepting a friend request or a follow—it might not be from the person you think.
  • Google yourself. Find out what other people can access about you by doing a search on yourself. If there is any information about you that is publicly available, be sure to remove it from that site.
  • Install antivirus and run it often. Most basic malware spread through social media can be blocked by good antivirus software.
  • Use common sense. If your Great Aunt Margaret, who you haven't spoken to in years, sends you an out-of-character message with a link, use your best judgement and delete the message.

Be Sure to Lock the Door to Your Accounts

Most cybercriminals will use the clues on a user's social media accounts to attempt to hack the password to the account. Because so many social media users have multiple accounts on multiple sites, cybercriminals are aware that uninformed users are most likely using the same password across all of their accounts. Once one account is compromised, the rest of the accounts, as well as the user's identity, are at risk.

  • Create strong passwords and don't reuse them. Passwords should contain a mix of letters, numbers, and symbols and be at least 12 characters long. Never reuse a password; instead, use a password manager to create and store strong passwords for you.
  • Use multi-factor authentication wherever it is available. Multi-factor authentication, such as two-step authentication, should be implemented on any account to add an extra layer of account security.
  • For more information on multi-factor authentication for specific platforms, refer to the links below: