4 Ways to Avoid Malicious Links on Social Media - InformationWeek
Software // Social
09:06 AM
Evan Blair
Evan Blair

4 Ways to Avoid Malicious Links on Social Media

Social media remain fertile ground for hackers to expand their attacks through malware and trendjacking.

The past several weeks have seen numerous articles about the spread of malware via fake Ebola-related emails. Hackers will imitate the CDC, WHO, or major news outlets like CNN to spread dangerous links. Shocking headlines -- "Ebola virus has been cured!" -- entice people to click, resulting in compromised devices and accounts.

The ploy is not limited to email. Social media have also been used to disseminate dangerous information and manipulate users following the Ebola story. Hackers append trending hashtags, most commonly #Ebola, to amplify the scope of their attack -- a tactic known as trendjacking.

[Social networks can be both hero and villain during public panics. Read #Ebola Lessons: How Social Media Gets Infected]

By attaching an unrelated hashtag on to their own content, hackers capitalize on the popularity of the hashtag to target a larger audience. Users looking for information on social media need to be vigilant. The following precautions will help you avoid malicious links on social media.

Check the profile
The posting profile can be a revealing element in the equation of social media safety. Hackers will often use botnets (large networks of automated accounts) to spread malware and repost content. Bots are frequently programmed to trendjack popular hashtags, such as #ebola. The following features are common botnet giveaways:

  1. Strange or randomly generated handles or usernames
  2. Bursts of posts with links followed by bursts of posts with text only. This is done to fly under the radar of a social network's terms of service.
  3. Posts and account descriptions are book quotes or pseudo-coherent, which indicates an algorithmically generated strings of words. If the posts don't quite make sense, there's a good chance they are being computer generated.
  4. Questionable account pictures, like a scantily clad woman, are often used to catch the eye and entice users to interact with the account.

Check the post
The content in the post itself can be a strong indicator of a malicious link.

  1. If the post contains sensational text -- like a too-good-to-be-true statement or an incredible headline -- it's likely clickbait.
  2. If the post is affixed with unrelated hashtags, the hacker is likely using spray and prey distribution tactics. This type of trendjacking broadcasts the post to as large an audience as possible. Avoid these URLs, as they likely contain phishing or malware.

Check the link
Generally, link analysis requires advanced algorithms that analyze for hundreds of threat attributes. However, there are a handful of things you can do manually to identify malicious links.

  1. Always hover over a link before you click. A preview of the link will appear that will show the full address, unless it is a shortened link.
  2. Link shorteners, such as Bitly, are often used to hide a malicious link. For social networks with character limits, like Twitter, shortened links are common, so it is especially important to use discretion. Use a free link lengthener (like longurl.org or unshort.me) to reveal the full URL.
  3. Be wary of extremely long or random-looking links. These links are often used to disguise a malicious destination.
  4. Watch out for URLs that contain almost the same characters as real sites but are one or two characters off.
  5. Scan the link using any free online link analyzer, such as scanurl.net or virustotal.com.

When in doubt, don't click
If you doubt a link is trustworthy, don't risk it. There is plenty of quality literature on the web about events like the Ebola epidemic, and you can find it safely by searching directly. Don't get caught up in the panic on social media -- you'll save your devices and accounts from being infected, as well.

Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it? Get the Malware Mutation issue of Dark Reading today.

Evan Blair is a Co-Founder and the Chief Operating Officer at ZeroFOX. Prior to that, he was a member of the Accuvant Leadership Team where he led the multimillion-dollar Partner Solutions practice. Evan began his career as a financial analyst with Dresdner ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
11/10/2014 | 8:58:03 AM
Social media platforms for hackers
"The ploy is not limited to email. Social media have also been used to disseminate dangerous information and manipulate users following the Ebola story. Hackers append trending hashtags, most commonly #Ebola, to amplify the scope of their attack -- a tactic known as trendjacking."

Evan, hackers are hanging around the places where they can get maximum attention (victims). Social medias are platforms, where most of us are hang around and most of us are using it very carelessly. 
Register for InformationWeek Newsletters
Current Issue
The Next Generation of IT Support
The workforce is changing as businesses become global and technology erodes geographical and physical barriers.IT organizations are critical to enabling this transition and can utilize next-generation tools and strategies to provide world-class support regardless of location, platform or device
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll