Social media's hazards include phoney likes and opportunistic malware

Social media sitesare reaching more people every day, but that also means more people than ever are exposed to some of the risks that go with the terrain.

One of those may be hard to spot: Your account can be infected by some kind ofmalwarea blanket term used to describe a range of viruses or computer attacks without your knowledge. When this happens, your accounts can spread phoney links, potentially affecting your friends' accounts, too. The activity can also misrepresent you.

• Forget the election polls. Who's winning on social media?
• Social media can be Achilles heel for politicians, aides

This week, CBC journalist RegSherrensaidhisFacebookaccount somehow "liked"the Conservative Party of Canada page, as well as a handful of other company pages he says he's never heard of.

Sherrenisadamant that he never "liked"the pages, even though aFacebookspokesperson said he could have done it without noticing.

'Like'-buying

Sherrenwondered if his "like"was somehow bought, which is a separate issue frommalware.

That's the process of buying "likes"in order to give the appearance that a company has more supporters and followers than it actually does.

When initially asked about buying likes on Facebook, Cory Hann, the Conservative Party's communications director,said"it's an internal party matter."

After Sherren's story aired, Hann denied that his party buys likes.

"We advertise onFacebookjust like any other political party, but we do not buy 'likes,' "he said.

Facebooksays "like-buying"is a very rare problem. AFacebookspokesperson, who can't be named due to their company policy, said in a statement that they actively crack down on this activity.

"When we detect suspicious activity, we replace the normal inline 'like' button with one that pops out a dialog asking the person to confirm their 'like'. Unlike an inline button, the pop-out dialog cannot be obscured by other page elements to trick people."

Opportunisticmalware

Regardless of what happened in Sherren's specific case, the issue opens up the question of whether this is even possible: How can yourFacebookaccount "like"a page without your knowledge?

SusieErjavecParker with the Sparker Strategy Group in Winnipeg said she's seen it before.

"If you click on a video or if you click on a game that you play and it takes you off to a third party site, those third-party sites are not necessarily secure. And they can be using cookies to track your data and to manipulate what you're doing with that data," Parker said.

JoshGillmore, a business intelligence analyst, said there are a few ways it can happen.

He echoed Parker, saying a person can click on a video onFacebookand then be directed to anotherwebsitethat can infect their computer withmalwarein an attempt to stealFacebooklog-in informationor hijack their account. He calls this "opportunisticmalware."

"So the person who clicked on that content would receive the virus and on the other end, still see the video and be completely unaware that their computer was compromised,"Gillmore said.

Another problem on social media is malwarethat posts spamthrough your account.Gillmoresaidthat some social mediacontent may masquerade as something benign a regular website, for instance but when you click on it, it will start posting to your account and liking pages without your permission.

He saidhe came across this problem a couple years ago. People in SyriaonFacebooksaw posts masqueradingas Canadian government sources. Users who clicked those sites then saw their accounts send out spamwithout their permission.

Facebooksays that they're very proactive aboutspam.

"We've built a combination of automated and manual systems to block accounts used for fraudulent purposes such as generating fake clicks or followers, and we are constantly improving these systems to help us better identify suspicious behaviour. We also take action against sellers of fake clicks and help shut them down," the company said in its statement.

What you can do

There are a number of basic steps you can take to ensure your social media accounts are secure:

1. Activity log

To check for unknown "likes," you can look through your activity log, which is accessible on everyFacebookuser's profile page. This shows everything a user has ever done onFacebook, down to those embarrassing wall posts from 2006.

"People can and should periodically check their activity log to monitor what they have 'liked' onFacebook," the companysaid.

2. Security checkup

Facebooklaunched a new tool in June called Security Checkup, which is meant to help users more easily find and use security controls inFacebook.

3.Passwords & shared computers

Don't share your password, don't use the same password for everything, and make it hard to guess. Also, log out ofFacebookwhen you use a shared computer.

4.Anti-virus software

It's always a good idea to run it on your computer.

5.Lock down your account

If you're worried, you should check your privacy settings to make sure they're what you want them to be. You can make your account private and only visible to people you know.

6.Common sense

Think before you click any link or download anything.Gillmoresays that if it looks odd, you should not click on it.

"Don't go and visit that content, and you could even ask the other person if they intended to distribute that content,"he said.