Social Networking Security Threats

Social networking websites have become an easy platform for cyber crime. Cyber criminals exploit sensitive and private information for committing identity theft or attracting innocent teenagers (into sexual traps and other illegal activities). It is common for users of social websites to share information; however, they lose privacy. Users are unaware of the risks involved when they share their information on social networking sites.

 

Phishing

Phishing is the practice of obtaining private information in a fraudulent manner. Phishing emails are legitimate looking emails that makes user believe in them. An email may appear by the name of trustworthy company or website requesting you to update your information. Social networking websites contain user’s archived messages, user’s interests, their hobbies etc. Frauds may use this information to be fool users by sending attractive emails of their interests and making them believe those are authentic ones.

Social sites require a user name and password for logging in. These are susceptible to phishing attacks. A user may receive a fake mail with a link that may redirect him to a login page. When the user logs in on the page, the attacker is able to capture the keystrokes and gain access to the user’s genuine login details.

Users must be careful when clicking email attachments and links received. For example, a user may receive a mail to reset the password of their account which was never requested for. Such mails can be phishing emails, trying to steal the information.

Identity Theft

 Identity theft occurs when an imposter uses the personal identification information for personal use, exploitation and illegal activities. In this attack, the imposter collects the information of the user from social networking sites such as name, photo, date of birth, contact number, email address and performs crimes. Crimes include applying for loan and not repaying, ordering credit cards, issuing documents like passport or driving license etc.

Some actions that can put you at risk of an identity theft are:

1. Using weak privacy or no privacy settings.
2. Accepting invitations to connect from unfamiliar persons or contacts.
3. Downloading free applications for use on your profile.
4. Giving your password or other account details to people you know.
5. Participating in quizzes (e.g. How well do you know me?) which may require you to divulge a lot of personal information.
6. Clicking on links that lead you to other websites, even if the link was sent to you by a friend or posted on your friend’s profile page.
7. Falling for email scams (phishing) that ask you to update your social networking profiles.
8. Using no or outdated security software to prevent malicious software from being loaded onto your computer and stealing personal information.

 

Protection Against Identity Theft

To safeguard yourself from identity theft and safely use social networking sites:

1. Create a strong password and change it often. Use a mix of upper and lower-case letters, numbers, and special characters (such as @, #, $, %, etc.) that are not connected to your personal information (birthdates, addresses, names, etc.).
2. Always use the highest-level privacy settings that the site allows. Do not accept default settings.

Malware

Malware refers to malicious code or program that attackers develop to harm or damage user’s security. The imposters aim to install malware on the user’s machine. For this purpose, they make use of spam mails or mails with false attachments. Attackers observe the user’s activities and hide malware in the form of links. When the user unknowingly clicks such links, the malware gets downloaded automatically on the user’s computer.

Other than this, there are variety of methods used by attackers to spread malware on social media websites, such as harmful tweets and direct messages.

1. Be cautious, while clicking any link
2. Do not post something vulnerable to attacks
3. Secure your profile by enabling privacy settings
4. Always use an antivirus program

 

URL Spoofing

URL Spoofing is the act of misleading a user to different website by sending a legitimate looking URL, but the URL sent is a false or forged URL. The spoofed URL looks exactly like the original URL or website. When clicked, such URLs redirect users to malicious websites. URL spoofing is performed to commit cybercrime, such as phishing, identity theft and various scams. The forged URL is sent to as many target victims as possible.

Clickjacking

Clickjacking is the attempt to hide malicious programs in the garb of legitimate buttons or links. The main aim is to trick the user into clicking these links or buttons which further triggers the downloading of hidden malicious program, thereby allowing the attacker to access the computer. Clickjacking is also known as User Interface Redress attack or UI Redress attack or UI Redressing.

HyperText Markup Language (HTML) scripting language is used to create a malicious link and use a transparent layer to embed it over the actual link. Clickjacking may result in the installation of a virus, worm or a trojan horse. The different types of Clickjacking techniques that are practiced are: Cursorjacking and Likejacking. Facebook is the common target for Likejacking, where when a user clicks on the video, instead of playing the video, the link triggers a Like button for the content.

Social Engineering

Social Engineering is the practice of convincing people to reveal confidential information about themselves, friends, relatives or colleagues. it involves human interaction and befooling people into breaking security procedures. Attackers gain trust of victim or victim’s family or friends and manipulate them, so that the required information is revealed.

Social Engineering has two approaches:

• Direct Approach: In this approach, the imposter directly convinces the victim to steal information through the means of phishing.
• Indirect Approach: In this, direct participation of the victim does not happen. The attacker gains information through victim’s relatives or friends.

 

Exploring Geotagging

Geotagging is the method of adding geographical metadata to various media such as images, videos, websites, SMS messages, QR codes or smartphone transmissions. The data usually consists of coordinates like latitudes and longitudes and sometimes may even include name of the place, distance and altitude. Geotagging is commonly used for photographs and can provide a lot of information about the photograph such as where the picture was clicked, at what time and the exact location.

People mostly use smartphones that have Global Positioning System (GPS) or location-specific services which come handy while using various apps. Apps for booking cabs or ordering food or finding a lost phone, use location-specific services. Also, the camera app of the phone uses geotagging service to record the information or location of the photograph taken. Some high end phones have in-built GPS which geotags any photo taken automatically.

As every coin has two sides, geotagging, despite being a trendy feature, has major privacy threat associated with it. Some social networking sites gives out the location of the users, allowing other users to know exactly where their friends are, what they are doing and with whom they are. Social networking sites provide the complete map of the location the people visit. Thus, it becomes very easy for predators to trace, track and stalk people. But, users can disable the geotagging feature on their phone and other devices.

 

Social Networking Threats to Minors 

The exposure of social networking sites has grown at such a tremendous rate that many children under the age of 13 years participate in social media activity. Many children interact with strangers on social networking sites including Facebook, MySpace and Twitter. This makes them vulnerable to attacks as they have little or no knowledge of online attackers.

There are various threats and issues associated with social networking sites. Social networking sites pose serious threat to minors.

Contact with Predators

Minors and teenagers, who are more active on so ( networks are exposed to sexual predators. Predators contact their victims most of the time under a false identity and locate them geographic ally. They pretend to be young children to trap kid . The risk is even greater as minors are less ((ireful compared to adults. 10 avoid this threat, users must make their profile private with the help of privacy settings and parents must monitor their children so that they don’t post any personal information on public platforms. Social websites such as Facebook offer an extensive range of privacy settings. Users must utilise these settings to secure themselves and their children.