High yield, high risk | Bangkok Post: tech

From PCs and internet, the world has now moved to the Facebook era.

With over 700 million users globally, and rising rapidly, Facebook is something that really matters because it has become a vital platform for running applications.

Social networks consequently have also become a target of hackers for distributing malware. Hackers release malware through Facebook applications, and for Twitter they do it by shortening the URL leading to the malicious Trajan web link of which internet users are unaware. Social networks have become a launch platform for hackers, and that's why users need to pay more attention when using them.

Of the well-known people on the Twitter ranks are Lady Gaga, Justin Bieber, Barack Obama, Katy Perry etc, all whose accounts have been hacked. In the case of Justine Bieber, for example, someone hacked into his friends' Twitter and got Bieber's phone number, @justinbieber got the "hacker's" phone number and tweeted it to his 4.5 million followers. As a result, the "hacker" received over 26,000 text messages.

Even the Prime Minister of Thailand, Yingluck Shinawatra's Twitter account was recently hacked and used to post questions about her competence.

People login social network sites, Facebook or Twitter, by using their email to login and most people use the same password for their several email and online sites, which an information security consultant emphasised was a very big mistake.

"Once your email is hacked, everything of yours is also gone", said Prinya Hom-anek, president of Acis Professional Centre, a leading information security consultant.

Users should be concerned because their email account is most important.

Why Thai politicians fall victim to hackers? More than 80% of email of the politicians are free email and thus not so difficult for hackers to attack, because the hackers can view their personal information at the website of the Office of National Anti-Corruption Commission (NACC). According to law, all politicians are required to report their personal information and assets to the NACC.

When hackers control your email account, they can recover email password by sending to the website, for example Twitter, that they forgot the password. This is the possible hacking method. Twitter then will send a link to reset the password without asking the old password.

"You should be concerned about the password you use to access the 'forgot password' session. Information that you provided in the 'forgot password' questions is as important as the password, however, users generally don't pay attention to this," Prinya noted.

Symptoms showing that your Twitter account is hacked are: There is text you did not tweet on your account; there are direct messages that you did not send; there is information in the "following" and "unfollowing" or "blocking" that you did not put; and you got a message from Twitter that your email was changed by your Twitter account.

What the users should do immediately once they were supposed to be hacked:

- Change the password by choosing Tab Password in the Account Settings.

- Cancel any connection with other programmes that you did not use by clicking the button Revoke Access.

- Change the password on any programmes that link with your Twitter account.

To recover your Twitter password, click at "Forgot it" and fill in information and click "Send instructions". Twitter will send password reset instructions to the email address consistent with you account.

When hacked, you should inform Twitter to suspend account at http://support.twitter.com/forms/general with the subject "Hacked or phished account", then there will be a process to return your account.

For inconvenient cases with Twitter account, you can go to http://support.twitter.com/forms/impersonation. However, compared to Facebook and Gmail, the security of Twitter is weaker.

In case your Facebook was hacked, you can recover the password by uploading your photo ID and resetting the password, or you can recover your Facebook account by identifying your friends' names, and report security problem. If you believe your account has been compromised by another person or a virus, click the "My Account is Compromised" button.

Common problems associated with use of social media, according to Prinya, are: Using weak password, using the same password as email account, sharing use of email and social media account, using a mobile device via a public internet or unknown wi-fi, using the social media for both private and business use, and less awareness on security and emerging threats.

Here are the tips to prevent your email account from hacking as suggested by the expert: Use different passwords for each account; don't keep confidential information such as passport, ID card or driver license scanned in the computer; don't use free wi-fi or unrecognised wi-fi; don't post personal information on the website; think before you click and don't open any email sent by unknown senders; apply the safest way of password recovery provided by the website such as via SMS; set a complex password and should not have any link with yourself such as phone number or birthday; the answer to the questions of password recovery should not be related; as well as change the password every three months.

In the meantime, you should have a backup email and backup SIM (of mobile number) for emergency cases so that you can reset the password to the backup email and the backup SIM.