With reports emerging that local Facebook users are getting tagged by people who are not their “friends”, the country’s National Computer Emergency Response Team (N-CERT) has issued an advisory to prevent becoming a victim of the malicious attack.
N-CERT, which is also known as PH-CERT and is the division of the Department of Information and Communications Technology that is responsible responding to computer security incidents in the country, said the tagged posts are believed to be a malicious link that may lead to different attacks.
“If you received a notification tagging you in a seemingly malicious post, or from people whom you do not know personally, CERT-PH advises not to click the link attached to the post and report it to Facebook immediately,” it said in advisory on Wednesday, April 21.
To tighten the privacy of Facebook users, PH-CERT listed the steps on how to lessen the possibility of clicking the malicious link:
- Go to your Facebook account settings
- In the settings page, navigate to the Notification Settings
- Now, in the “What Notifications You Receive” section select the “Tags” button
- Then, go to “Get notifications when you’re tagged by” and select the “Friends” button
“This process will now limit the notifications that will appear in your Facebook Account Notification Tab to your Facebook friends only,” it said.
To remove comment tagging, PH-CERT recommended the following:
- Go to the post where you have been tagged in a comment
- Click more option () and choose Give feedback or report this comment
- Then choose spam on report choices and click next
- On the other steps you can take, choose “Remove tag”
Cybersecurity Kaspersky, meanwhile, said in a statement it is not the first time that the malicious video tagging has happened in Facebook.
“But it appears to be an example of social engineering that cyber attackers use to get victims to respond by clicking on an infected attachment,” said Yeo Siang Tiong, general manager for Southeast Asia at Kaspersky.
Social engineering is a manipulation technique that uses human psychology that cyber attackers use to trick someone or to lure unsuspecting users to expose data, spread malware infection, or give them network or computer access.
Kaspersky said scams based on social engineering are built around how people think and act. “Attackers may use emotional manipulation to convince you to take an irrational or risky action that you otherwise wouldn’t. Fear, excitement, curiosity, anger, guilt, and sadness are emotions normally used to convince an unaware, clueless person,” Yeo said.
“On social media, trust is important among users and it is also essential in a social engineering attack. Users are usually tricked by accounts they follow, usually under the names of people they know and trust,” he added.
The company advised users to take basic measures to protect themselves by observing the following:
- It’s cliché but the rule of thumb in Internet security is always think before clicking.
- Set a strong password.
- On social media, take advantage of the security and privacy features of your favorite platform. You can control who can tag you or who can see your posts. Because Facebook regularly makes changes to their settings, it’s worth your attention and time to check your own saved settings from time to time to update it for maximum privacy.