Social malware: You’re only as secure as your most gullible employee

A chain, as the saying goes, is only as strong as its weakest link. Apply that logic to a business, and when it comes to social malware, you’re only as secure as your most gullible employee.

By now, even the most gullible employees will probably not fall for email-based phishing schemes. But social media, thanks to its newness, is another story.

What can you do? Educate your employees about the risks of social media and establish policies for social media use, especially in regard to malware, which can infect PCs and compromise sensitive information.

Common Social Media Malware Scams

There are a few common scams that should be known to all employees. These include links and apps purporting to let you “See who viewed your profile” or “View your top profile stalker.” Other come-ons are offers for free stuff for social games, fake Facebook features (like “See who poked me the most”) and games not offered on Facebook.

And the most common trick is when these things come from someone you know. It can be hard not to accept that interesting Facebook or Twitter message at face value, but your friend’s account may have been hacked. “An employee might get an update from a friend saying ‘Check out this cool cat video,’” says Anton Chuvakin, principal of Security Warrior Consulting. But you should always “be cognizant of what links you click that look sensational,” says national security expert Robert Siciliano.

The good news is that Facebook and Twitter are aware of such schemes and are working to shut them down. The bad news: Malware makers are working just as hard.

Smart Social Media Malware Tips

It doesn’t make much business sense to ignore the value of social media, so aside from training employees, be proactive in employing a strong defense against social malware. Experts suggest these precautions:

1. Use strong antivirus software. If your antivirus software is doing its job, it will stop malware from infecting computers in your network.

2. Use a good browser. The latest versions of Google’s Chrome browser and Firefox have features that “help a browser-based infection stay there,” says Chuvakin. Most current browsers offer much better security than they did years ago. In particular, Internet Explorer 6 is known for offering poor security. If you have an older machine in the office using IE6, consider upgrading.

3. Use a service that scans links to make sure they’re legitimate.

4. Update security patches.

5. Employ a strong firewall. And make sure it’s turned on.

6. Decode links before clicking. One technique spammers use to camouflage a bad link is to shorten it, so use a short URL decoder before clicking on anything. You can find good free ones on and


Todd Wasserman has been writing professionally for close to 20 years. For the past 11 years, he has covered the advertising and marketing industry for Brandweek, which promoted him to editor-in-chief in 2007. Prior to that, he wrote for the now-defunct Computer Retail Week and various daily newspapers including the Herald & News in Passaic, N.J., and the Register-Citizen in Torrington, Conn. Wasserman has also freelanced for The New York Times, Business 2.0, The Hollywood Reporter and Inc, among other publications. On his down time, Wasserman enjoys playing racquetball and Scrabble, though not at the same time.

  • Maria Arenillas

    Hi Todd. Thanks for this post on social media malware. At AVG, we keep a close eye on all kinds of malware – and blog about them regularly – to ensure that we keep our users safe whenever they’re online. Your tips for businesses on staying protected from malware are all very sound, and they’re all things with which we can provide assistance. To find out more, or to join the discussion on online security, why not pay us a visit at or

    Kind regards,
    Maria Arenillas
    Community Manager at AVG