
Through the hacker’s eyes: how to be secure on social media

Our investigation into ID theft saw information from social media sites used to obtain a credit card under false pretenses. Ken helped us mine the user profiles – here are his tips for preserving your privacy online.

Social media sites make it easy to update friends and family on what’s happening in our lives. But that same information could be used against you. User profiles typically document names, birthdays, hobbies, family members, when and where you went on holiday, and where you live and work.

This presents a mine of information to hackers that could be used to impersonate you, running up debts in your name, hacking your bank account or destroying your online life.

So here are my easy-to-do tips, so you can stay secure on social media:

1.  Activate privacy settings

Double check that your profiles are private, so that you have control over who can see your information. Social media networks have improved their privacy settings but these are often opt-in. You can manually adjust your settings on your profile page, restricting who can see your posts, photos and user profile, and it’s even possible to restrict the visibility of past posts.

Bear in mind that social networks often make money from your data, so they don’t always make securing your profile that easy. It’s not just Facebook, LinkedIn and others – don’t forget older social networks – they might be out of fashion, but your data may still be on them.

2.  Be choosy

Go through your friends list and make sure you personally know all of them. Avoid tagging people in photos to help protect others’ identities. Be suspicious of friend requests from people you don’t know, even if they say they know family or friends or met you in a location you know. You could look at creating a separate work and personal profile.

3.  Be selective when posting

Think about what information you are sharing. An innocent birthday photo could tell hackers when your birthday is, even if you have obscured this information in your profile. Think about whether posts divulge a place or event (such as your front door in the background of a photo) and deactivate geolocation settings. If you’re far from home, an attacker might just decide it’s an opportune moment for a burglary.

4.  Maintain your machine

Use and update anti-virus or security software for both fixed and mobile devices. Protect access to your mobile and tablet by setting up a PIN. Otherwise, if your device is lost or stolen, your social media account could easily be hijacked and the attacker can masquerade as you, potentially compromising not just you but also your friends and family.

5.  Think physical as well as virtual

Ensure you are on the edited version of the electoral roll to prevent hackers from obtaining your home address. Shred or burn physical documentation to avoid personal details being stolen from your bins – many organisations ask for a utility bill as proof of address.

Has your social media profile ever been compromised? Have you ever suffered from ID theft? Do you have any further advice to share?

Which? Conversation provides guest spots to external contributors. This is from Ken Munro, a senior partner at Pen Test Partners, the ethical hackers who helped us in our investigation. All opinions expressed here are Ken’s own, not those of Which?.


Ken suggests that we use and update security software for both fixed and mobile devices. I know what to do with my laptop and desktop machines but I haven’t a clue about how to keep an iPhone secure, other than by keeping the operating system and apps up to date.

I doubt that I am the only one who is waiting for Which? to give us advice on how to keep our mobile devices secure.


I have used Kaspersky on my desktops and laptops for many years with no problems. I know they do mobile phone security although I haven’t used it but would do so if I decided to use my mobile on the internet.


Thanks Alfa, but Kaspersky don’t offer a product for iPhones.


If you Google ‘iPhone security’ you’ll find some useful tips on screen-locking, private browsing, passwords, etc. – but not so much about anti-virus type products.

Most techies agree that iPhones and iPads don’t need any such products – in the real world there just aren’t any threats to Apple devices.

It’s a different story with other operating systems – Android and Windows phones/tablets are vulnerable to loads of attack methods.

Rerun your Google search replacing ‘iPhone’ with ‘Android’ and you’ll see what I mean – plenty of security products on offer ……..


bib1, Think where Apple are winning here is that apps are vetted before going onto the AppStore, so the only way you’ll get issues with their apps is if you download them from other places.

Android just let anyone post apps and therein lies the problem.

FYI that used to be the case not sure if it still is.


Thanks both. I’m not too worried because the only financial transactions I’ve made on the phone is to buy the odd app. My banking etc is done on a computer, which is protected.


Just a piece of an article on mobile phones:

“Why Your iPhone Will Inevitably Catch A Virus – ReadWrite – Mozilla Firefox

“Not that Apple’s iOS is in the clear. While Apple’s closed approach to development makes it a harder target to crack, this same secretive approach makes it dramatically more vulnerable once iOS’ security is hacked.

And it will be, according to Kaspersky, as he told The Wall Street Journal:

[T]he most dangerous scenario, I am afraid, is with iPhones. It’s less probable because it is very difficult to develop malware for iPhones, because the [operating] system is closed [for outside programmers]. But every system has a vulnerability. If it happens – in the worst case scenario, if millions of the devices are infected – there is no antivirus, because antivirus companies don’t have any rights to develop true end-point security [for Apple].

In other words, there’s no problem until there’s a problem. And then the problem is huge.”

The celebrity photo hack recently shows that all is not perfect in the Apple world.
“Some security experts have faulted Apple for failing to make its devices and software easier to secure through two-factor authentication, which requires a separate verification process after users log in initially.”


Yeah, spot on.
It’s Apple’s control of iOS apps that keeps them secure.
Doesn’t matter where you download your apps from – you can’t install a non-Apple-approved app unless you have ‘jailbreaked’ your iPhone/Pad.

Android-world is a free for all, just like Windows – and that route just leads to more revenue for the anti-virus vendors.