Staying safe on social media
Social media accounts can be easily compromised, follow these guidelines to protect your personal details.
How to tell if you've been hacked
Keep an eye out for the warning signs:
- posts or messages appearing that you didn’t write
- being unable to log in due to a password change
- a changed profile picture
- your friends have received strange messages from your account.
What to do if you've been hacked
Take immediate action if you suspect your account has been compromised :
- Change your password
- Turn on multi-factor authentication
- Report the breach to the social media platform
- Notify your followers
- Check for suspicious activity
- Delete any harmful or offensive content
- Review your account's security settings
- Review other linked accounts.
Keep your social media accounts secure
Choose strong passwords or passphrases
Ensure passwords are unique across each social platform.
Do not use your UQ credentials for personal social media. Refer to the UQ Password Guidelines for guidance on choosing a strong password.
Enable multi-factor authentication
Multi-factor authentication (MFA) adds another layer of security to accounts, making it harder for unauthorised users to gain access.
The Australian Cyber Security Centre (ACSC) details how to setup MFA on a number of platforms:
- ACSC guide to setup MFA for Facebook
- ACSC guide to setup MFA for Instagram
- ACSC guide to setup MFA for Twitter.
Enable automatic updates on your social media apps
Updates or ‘patches’ are regularly released for software to fix any bugs or cyber security weaknesses. Ensuring you are using the latest version of the app will give you the best protection.
Be careful not to overshare online
Cyber criminals can use the information you share online to guess passwords, steal your identity, apply for loans and for other illegal activity.
Do not post:
- dates of birth
- addresses
- your children's schools.
Once information is online is it almost impossible to remove. Even if you have a private profile anything you post can be reshared.
Turn off geolocation
With geolocation activated criminals may be able to track your physical location. Some social media applications have the location-based functions turned on by default. You can turn off this function or restrict who can access this information in the app settings.
For more advice, see:
Avoid posting holiday check-ins, letting cyber criminals know you’re away from home. Wait until you return from holidays to share photos and stories.
Use the strongest privacy settings
Ensure your profile and posts are only visible to friends and adjust what information is available for public view. The larger and more accessible your digital footprint, the more information an attacker can retrieve about you. Set your online profile to ‘private’ or ‘friends only’.
For more advice, see:
Don’t accept friend requests from people you don’t know
The request or invitation may be from a fake account designed to collect data for cybercrime purposes and accepting the request would make yourself and your friends more vulnerable to scammers.
Be aware of scams, including phishing scams
Never click on suspicious links from strangers or friends. Scams can also be found in ads, posts and direct messages. They may take the form of a survey with a gift card reward, special promotional offer, or a quiz that is designed to draw personal information from you that is then used by a hacker to access your accounts.
Be aware of third-party applications on social media
A third-party application includes anything you’ve given permission to access or collect data from your social media accounts. An example would include an online game you play on your phone that is linked to your social media account. You can control the information shared to the third-party application by accessing your privacy or security settings of the social networking application or website.
Learn how to:
- Turn off Facebook's integration with apps, games and websites
- Control the data on Instragram you share with third-party apps.
Security questions for password recovery
Consider carefully the answers you provide when setting up security questions for password recovery. Details such as the name of your first pet, the street where you grew up or your mother’s maiden name can be easy to obtain by a skilled social engineer; you may even disclose them on your social networking profiles. It is important to be cognisant of the information you disclose online and how this may be used.
Personal use of social media by UQ employees should adhere to UQ’s online communications policy within Communications and Public Comment Using The University of Queensland's Name Policy.