Social networking is everywhere. It is common to find parents, children, coworkers and even the elderly on social media sites such as Twitter, MySpace, Facebook, YouTube and LinkedIn. With social networks, people across the world have access to tools and options that were previously non-existent. However, there are just as many new opportunities to get into potential danger as there are to connect. Social networking has opened up many new doorways for cyber-crime, and with all the people on social networks who are completely new to technology, it is more important than ever to make sure people are aware of the risks.
Children – Children under the age of 13 should not be using the internet without some form of parental supervision. Most social network web sites have a minimum age limit so that young children cannot make profiles. However, it is easy to fool these systems. Make sure your children are not entering too much private data, such as their home address or what school they go to. Just as it is simple for a young child to fake their age online, it is easy for a potential predator to fake a profile claiming to have the same interests as, and be the same age as, your child.
Phishing / Scams – There are a number of scammers on social networks who may try to steal or use your personal information, information that can be used for crimes such as identity theft or fraud. There are also websites that are set up to look like your favorite social networks in order to steal your password. Once someone has your password they can use it to destroy your profile or send out spam messages and viruses, which could do irreparable damage to your online reputation. Always make sure you are at the right site when you enter your credentials. You can do this by double checking the address bar and making sure you are in the right place before you log in. Log-in sites will never ask you to send them your password. If you receive a message or email requesting that you send your password, do not reply; forward the message to the network’s support or privacy department.
Privacy – One reason that many people are wary of uploading their photos or videos to a social networking site like Facebook is that they are concerned about retaining the copyright to their work. There is a major gray area as to who owns the materials that we upload. This might concern a professional photographer or a musician who wants to share their work. Uploading photographs or music is a great way to get a lot of potential friends to notice it, but you might want to think about whether the network could end up owning this material. Another controversy with Facebook is that it could be sharing your private information with third party companies. This is why you are shown a privacy statement when you install an application. The providers of these applications are third party companies and websites that may be able to access your private information, such as your address or phone number.
Employment – One thing we often forget while having fun on social networks is that almost anybody can see what we are doing. While we are tagging photos of what we did on the weekends or using social networks on company time, it can be easy to forget that someone at work may see this, and the result could cost us our jobs.
Businesses – Businesses have found a new place to market and brand themselves in social media sites. Having a medium available to connect with customers in an informal way creates loyalty and awareness, but it could leave a company vulnerable to hackers and hecklers who feel the squeeze of your newfound success. A social site provides information on what your company is doing and offers a platform for spiteful negative comments that could hurt the reputation of your business. These attacks could be controlled with reputation management and social media marketing strategies.
Social networks can be used to make friends, find romance or even to market yourself or your business. The important thing is to remember that these sites can also be misused and we need to take care of our privacy and reputation. Think twice about the way you use social networks.
Be acutely aware of the hazards of social networks. Always remember what is possible online. As with most things in life, there are opportunities and there are risks, but needless risk should be eliminated. There is never a need to share private, confidential information online. Use social networks to share and promote ideas. Be a giver, but don’t give what you wouldn’t want just anyone to see in public by looking over your shoulder or seeing into your home or bedroom.
Update: August 11, 2011
These days nearly everyone belongs to a social network, where they spend anywhere from one to several hours per day posting photos, instant messaging, tweeting, posting their locations on Facebook and opening any number of other windows into their personal daily lives. While social networking has become a staple of social interaction, therein lie a great many potential dangers.
Social networking is made so that even those who are least tech savvy can enjoy online socializing, talk to friends and share things going on in their lives. Most people doing this do not think about, or perhaps even realize, that everything they reveal to their personal network of friends, family, co-workers and acquaintances is also very easily revealed to those who could use the same information to steal identities, commit fraud, steal information, and commit plenty of other life damaging crimes.
One of the worst things about the crimes committed through social networking sites is that just about anyone is at risk, no matter who they are. Anyone from a CFO of a major credit union to a 14 year old girl, or a new college graduate to a retired senior citizen, is a potential target for those who hunt out and prey upon unsuspecting social network users. Children especially should have some form of supervision over their social network activities. The openness and ease with which contact is made online within a social network makes them even more vulnerable, and even easier for child predators to contact.
The elderly, as well, are often targeted by hackers, social engineering criminals and other con artists. Those who are retired should be on guard – the criminals who target people for personal information, passwords, pass codes and other sensitive information, are extremely skilled at what they do. They can con reasonable people into giving up information, and steal valuable secrets, all without the victim even being aware a crime was committed at all.
Below are some more specific ways in which social networking dangers affect various groups of people, how they are affected, and what to do about it.
Businesses
Businesses are often targeted by social engineers, and people who approach company employees in an attempt to procure private company information for the purpose of fraud, theft, identity or information theft, and other crimes. The reason social engineering is so dangerous is that the victims never even realize or suspect any foul play. Social engineering is done without force, and with unwitting consent, which makes it even more dangerous in some ways. It is very common for social engineers to use social networks to acquire initial information about a person in order to deceive and convince their victims to provide them with protected, classified, or any type of valuable information. Phishing, which is a type of social engineering as well, is the same kind of crime. The type of information available in social networking is more than enough for anyone to pretend, over the telephone or even in person, to have system information about you as an employee, which is how a lot of social engineering is conducted. However, sometimes it doesn’t even need to leave the social network platform. Here is an example:
- A hacker breaks into the Facebook account of a financial institution employee by the name of Matt. Posing as this co-worker Matt, the hacker then sends an email to another company employee, Sara, while she is at work on the company PC. The message tells her that the attached files are photos from the company Christmas party. Sara opens the message and downloads the attachment to view the photos, but she sees nothing. Meanwhile, she has unwittingly downloaded a hacking device, which the hacker uses to obtain Sara’s log-in information and then to access the breached server inside the company’s financial network, where there is access to the company’s accounts. The hacker transfers hundreds of thousands of dollars out of the company’s financial accounts. This all began with an employee who was social networking on a company computer system, and another employee whose social network profile was very easily hijacked.
In the above scenario – which is similar to actual events that took place – phishing is used through social networking, and never goes any further than a simple suggestion to download company photos from the profile of someone trusted. This is how social networking can take the simplest connection or piece of information, and use it for theft or fraud. When social network users see a message from a friend in their network, they subconsciously think, “I know him.” There is no alarm that goes off, or reason to verify identity, even though many are aware of just how easily social network profiles can be hacked and taken over by imposters. The next example demonstrates the way that basic information viewed on a social network profile lets a social engineer procure the desired information with a single phone call.
While on his social network site at home, David posts on Twitter that he can wear polo shirts to work for a week while his boss is on vacation, because the temp boss won’t know the suit and tie dress code. A hacker who has been keeping an eye on this company using a variety of outlets and sources notices this and sees an opportunity. The next day at work, David receives a phone call.
- Hi David, this is Jake Manson, I am standing in for your boss, Greg, for the week.
- Oh, hi. Greg must have thought the wrong guy was filling in, he said your name was Tom Rhoads.
- Ha, yeah, we temporary transfers don’t always work under the most organized conditions. Hey listen, I logged into the system here as a guest user, but I can’t access the files I need. The IT dept. told me to use another employee log-in and pass code for the day until they assign me a temporary one, I guess? They suggested you because you work with some of the same accounts under this department. Anyway, would you mind sharing your account log-in and password with me for the day? Your username is DJensen, right?
- DJensen28.
- Oh, got it. Okay, and the password?
- DJ081475.
- Great, got it. Thanks a bunch, and I’ll call if I have any trouble.
This is a social engineering example that demonstrates how even the most casual piece of information about a company could incite criminal activity, or create an opening for such deception. All the information suggested by the hacker came from David’s social profile, and his username suggestion was simply the first initial of David’s first name followed by his last name, as company usernames typically are. By looking at David’s network, the hacker could see Greg was the name of his boss. He knew there would be a new guy filling in for his boss because of David’s Twitter. David was not even suspicious about the hacker’s name being different from what he had been told.
So, now that we have seen several examples of the ways social networking can severely compromise a company or business, how can it be prevented? Are there any solutions or processes that can help? The suggestions below address these questions.
- Do not use social networking sites on company computers. This gives hackers a back-door entry right into company accounts, files, and other information.
- Avoid posting information about work details, absences, or other information that could lead to an opening for imposters and social engineering tactics.
- Hackers use the answer to user accounts’ “secret question” to retrieve passwords and hack into accounts. Don’t choose secret answers that are logical or that can readily be found by browsing information on social network sites, such as your mother’s maiden name, or the town you were born in. If the secret question is “what city were you born in?” make your answer a city in another country, preferably one you’ve never been to.
- Never, ever give out protected company information to those whose identity you cannot verify. Even if the person is legit, it is better to be cautious. He or she will probably understand why, and may even appreciate your precautions. Your boss surely will.