Social media sites are reaching more people every day, but that also means more people than ever are exposed to some of the risks that go with the terrain.
One of those may be hard to spot: Your account can be infected by some kind of malware — a blanket term used to describe a range of viruses or computer attacks — without your knowledge. When this happens, your accounts can spread phoney links, potentially affecting your friends' accounts, too. The activity can also misrepresent you.
- Forget the election polls. Who's winning on social media?
- Social media can be Achilles heel for politicians, aides
This week, CBC journalist Reg Sherren said his Facebook account somehow "liked" the Conservative Party of Canada page, as well as a handful of other company pages he says he's never heard of.
Sherren is adamant that he never "liked" the pages, even though a Facebook spokesperson said he could have done it without noticing.
Sherren wondered if his "like" was somehow bought, which is a separate issue from malware.
When initially asked about buying likes on Facebook, Cory Hann, the Conservative Party's communications director, said "it's an internal party matter."
After Sherren's story aired, Hann denied that his party buys likes.
"We advertise on Facebook just like any other political party, but we do not buy 'likes,' " he said.
Facebook says "like-buying" is a very rare problem. A Facebook spokesperson, who can't be named due to their company policy, said in a statement that they actively crack down on this activity.
"When we detect suspicious activity, we replace the normal inline 'like' button with one that pops out a dialog asking the person to confirm their 'like'. Unlike an inline button, the pop-out dialog cannot be obscured by other page elements to trick people."
Regardless of what happened in Sherren's specific case, the issue opens up the question of whether this is even possible: How can your Facebook account "like" a page without your knowledge?
Susie Erjavec Parker with the Sparker Strategy Group in Winnipeg said she's seen it before.
"If you click on a video or if you click on a game that you play and it takes you off to a third party site, those third-party sites are not necessarily secure. And they can be using cookies to track your data and to manipulate what you're doing with that data," Parker said.
Josh Gillmore, a business intelligence analyst, said there are a few ways it can happen.
He echoed Parker, saying a person can click on a video on Facebook and then be directed to another website that can infect their computer with malware in an attempt to steal Facebook log-in information or hijack their account. He calls this "opportunistic malware."
"So the person who clicked on that content would receive the virus and on the other end, still see the video and be completely unaware that their computer was compromised," Gillmore said.
Another problem on social media is malware that posts spam through your account. Gillmore said that some social media content may masquerade as something benign — a regular website, for instance — but when you click on it, it will start posting to your account and liking pages without your permission.
He said he came across this problem a couple years ago. People in Syria on Facebook saw posts masquerading as Canadian government sources. Users who clicked those sites then saw their accounts send out spam without their permission.
Facebook says that they're very proactive about spam.
"We've built a combination of automated and manual systems to block accounts used for fraudulent purposes such as generating fake clicks or followers, and we are constantly improving these systems to help us better identify suspicious behaviour. We also take action against sellers of fake clicks and help shut them down," the company said in its statement.
What you can do
There are a number of basic steps you can take to ensure your social media accounts are secure:
1. Activity log
To check for unknown "likes," you can look through your activity log, which is accessible on every Facebook user's profile page. This shows everything a user has ever done on Facebook, down to those embarrassing wall posts from 2006.
"People can and should periodically check their activity log to monitor what they have 'liked' on Facebook," the company said.
2. Security checkup
Facebook launched a new tool in June called Security Checkup, which is meant to help users more easily find and use security controls in Facebook.
3. Passwords & shared computers
Don't share your password, don't use the same password for everything, and make it hard to guess. Also, log out of Facebook when you use a shared computer.
4. Anti-virus software
It's always a good idea to run it on your computer.
5. Lock down your account
If you're worried, you should check your privacy settings to make sure they're what you want them to be. You can make your account private and only visible to people you know.
6. Common sense
Think before you click any link or download anything. Gillmore says that if it looks odd, you should not click on it.
"Don't go and visit that content, and you could even ask the other person if they intended to distribute that content," he said.