Social Networking Services

 Social networking is the activity of creating personal and business relationships or connections with other people by using Internet-based social media programs. Social networking is done by using the social networking service. Social networking service (popularly called social networking sites) is an online service used by people to build social relations or social networks with people who share similar interests, careers, activities or real-life connections. Such sites allow users to share ideas, opinions, photos, videos and inform people about real world events and activities for instance, Facebook, Twitter, LinkedIn and many more.

Social network services are of three types:

• Socializing Social Network Services: These services are used to socialise with existing friends, for example Facebook.
• Networking Social Network Services: These services are used for non-social interpersonal communication, for example Linkedln.
• Social Navigation Social Network Services: These services are used for helping users to find specific information or resources, for example Goodreads for books.

Why Social Networking is so Popular?

There can be a number of reasons that can be attributed to the popularity of social networking sites globally. Some of these reasons are listed below.

• Worldwide Connectivity
• Commonality of interest
• Real-time information sharing
• Targeted advertising
• Increased news cycle speed
• Job hunting

 

What is a Profile?

A Profile is personal information describing a user and his interests. The Profile page of a user on any social networking site introduces them and provides information about their background. With the help of information contained in the profile, the outside world comes to know about the user’s online presence. This information helps the user find friends or acquaintances on social media sites.

User profile can contain the following information:

• Name or nick name
• Contact number
• Email address
• Workplace
• Education background
• Marital status
• Cover photo
• Photos and videos
• Friends list
• Group
• Communities
• Personal interests

Social Engineering

Social Engineering is the practice of convincing people to reveal confidential information about themselves, friends, relatives or colleagues. it involves human interaction and befooling people into breaking security procedures. Attackers gain trust of victim or victim’s family or friends and manipulate them, so that the required information is revealed.

Social Engineering has two approaches:

• Direct Approach: In this approach, the imposter directly convinces the victim to steal information through the means of phishing.
• Indirect Approach: In this, direct participation of the victim does not happen. The attacker gains information through victim’s relatives or friends.

Social Networking Security Threats

Social networking websites have become an easy platform for cybercrime. Cybercriminals exploit sensitive and private information for committing identity theft or attracting innocent teenagers (into sexual traps and other illegal activities). It is common for users of social websites to share information; however, they lose privacy. Users are unaware of the risks involved when they share their information on social networking sites.

 

Phishing

Phishing is the practice of obtaining private information in a fraudulent manner. Phishing emails are legitimate looking emails that makes user believe in them. An email may appear by the name of trustworthy company or website requesting you to update your information. Social networking websites contain user’s archived messages, user’s interests, their hobbies etc. Frauds may use this information to befool users by sending attractive emails of their interests and making them believe those are authentic ones.

Social sites require a user name and password for logging in. These are susceptible to phishing attacks. A user may receive a fake mail with a link that may redirect him to a login page. When the user logs in on the page, the attacker is able to capture the keystrokes and gain access to the user’s genuine login details.

Users must be careful when clicking email attachments and links received. For example, a user may receive a mail to reset the password of their account which was never requested for. Such mails can be phishing emails, trying to steal the information.

Identity Theft

 Identity theft occurs when an imposter uses the personal identification information for personal use, exploitation and illegal activities. In this attack, the imposter collects the information of the user from social networking sites such as name, photo, date of birth, contact number, email address and performs crimes. Crimes include applying for loan and not repaying, ordering credit cards, issuing documents like passport or driving license etc.

Some actions that can put you at risk of an identity theft are:

1. Using weak privacy or no privacy settings.
2. Accepting invitations to connect from unfamiliar persons or contacts.
3. Downloading free applications for use on your profile.
4. Giving your password or other account details to people you know.
5. Participating in quizzes (e.g. How well do you know me?) which may require you to divulge a lot of personal information.
6. Clicking on links that lead you to other websites, even if the link was sent to you by a friend or posted on your friend’s profile page.
7. Falling for email scams (phishing) that ask you to update your social networking profiles.
8. Using no or outdated security software to prevent malicious software from being loaded onto your computer and stealing personal information.

 

Protection Against Identity Theft

To safeguard yourself from identity theft and safely use social networking sites:

1. Create a strong password and change it often. Use a mix of upper and lower-case letters, numbers, and special characters (such as @, #, $, %, etc.) that are not connected to your personal information (birthdates, addresses, names, etc.).
2. Always use the highest-level privacy settings that the site allows. Do not accept default settings.

Malware

Malware refers to malicious code or program that attackers develop to harm or damage user’s security. The imposters aim to install malware on the user’s machine. For this purpose, they make use of spam mails or mails with false attachments. Attackers observe the user’s activities and hide malware in the form of links. When the user unknowingly clicks such links, the malware gets downloaded automatically on the user’s computer.

Other than this, there are variety of methods used by attackers to spread malware on social media websites, such as harmful tweets and direct messages.

1. Be cautious, while clicking any link
2. Do not post something vulnerable to attacks
3. Secure your profile by enabling privacy settings
4. Always use an antivirus program

 

URL Spoofing

URL Spoofing is the act of misleading a user to different website by sending a legitimate looking URL, but the URL sent is a false or forged URL. The spoofed URL looks exactly like the original URL or website. When clicked, such URLs redirect users to malicious websites. URL spoofing is performed to commit cybercrime, such as phishing, identity theft and various scams. The forged URL is sent to as many target victims as possible.

Clickjacking

Clickjacking is the attempt to hide malicious programs in the garb of legitimate buttons or links. The main aim is to trick the user into clicking these links or buttons which further triggers the downloading of hidden malicious program, thereby allowing the attacker to access the computer. Clickjacking is also known as User Interface Redress attack or UI Redress attack or UI Redressing.

HyperText Markup Language (HTML) scripting language is used to create a malicious link and use a transparent layer to embed it over the actual link. Clickjacking may result in the installation of a virus, worm or a trojan horse. The different types of Clickjacking techniques that are practiced are: Cursorjacking and Likejacking. Facebook is the common target for Likejacking, where when a user clicks on the video, instead of playing the video, the link triggers a Like button for the content.

Social Engineering

Social Engineering is the practice of convincing people to reveal confidential information about themselves, friends, relatives or colleagues. it involves human interaction and befooling people into breaking security procedures. Attackers gain trust of victim or victim’s family or friends and manipulate them, so that the required information is revealed.

Social Engineering has two approaches:

• Direct Approach: In this approach, the imposter directly convinces the victim to steal information through the means of phishing.
• Indirect Approach: In this, direct participation of the victim does not happen. The attacker gains information through victim’s relatives or friends.

 

Exploring Geotagging

Geotagging is the method of adding geographical metadata to various media such as images, videos, websites, SMS messages, QR codes or smartphone transmissions. The data usually consists of coordinates like latitudes and longitudes and sometimes may even include name of the place, distance and altitude. Geotagging is commonly used for photographs and can provide a lot of information about the photograph such as where the picture was clicked, at what time and the exact location.

People mostly use smartphones that have Global Positioning System (GPS) or location-specific services which come handy while using various apps. Apps for booking cabs or ordering food or finding a lost phone, use location-specific services. Also, the camera app of the phone uses geotagging service to record the information or location of the photograph taken. Some high end phones have in-built GPS which geotags any photo taken automatically.

As every coin has two sides, geotagging, despite being a trendy feature, has major privacy threat associated with it. Some social networking sites gives out the location of the users, allowing other users to know exactly where their friends are, what they are doing and with whom they are. Social networking sites provide the complete map of the location the people visit. Thus, it becomes very easy for predators to trace, track and stalk people. But, users can disable the geotagging feature on their phone and other devices.

 

Social Networking Threats to Minors 

The exposure of social networking sites has grown at such a tremendous rate that many children under the age of 13 years participate in social media activity. Many children interact with strangers on social networking sites including Facebook, MySpace and Twitter. This makes them vulnerable to attacks as they have little or no knowledge of online attackers.

There are various threats and issues associated with social networking sites. Social networking sites pose serious threat to minors.

Contact with Predators

Minors and teenagers, who are more active on so ( networks are exposed to sexual predators. Predators contact their victims most of the time under a false identity and locate them geographic ally. They pretend to be young children to trap kid . The risk is even greater as minors are less ((ireful compared to adults. 10 avoid this threat, users must make their profile private with the help of privacy settings and parents must monitor their children so that they don’t post any personal information on public platforms. Social websites such as Facebook offer an extensive range of privacy settings. Users must utilise these settings to secure themselves and their children.

 

 

Facebook Security

Facebook is an online social media and social networking service that allows registered users to connect with each other and outside world. You can create a profile, find and add friends, post status, share photos and videos. Facebook allows users to stay in touch with their friends by chatting and sending personal messages using Facebook Messenger. You can also share experience, events, opinions, poke friends, get notifications about your friends, play online games and tag your friends in photos and videos. You can also start a business and promote it using Facebook. All these activities can be performed using an individual account that is free of cost. According to Zephoria’s statistics, there are 1.94 billion users active on Facebook every month. On any given day, 1.15 billion users access Facebook using their mobile phone and five Facebook profiles are created every second.

Facebook stores a large amount of user data. Attackers create fake accounts to collect this data and add friends to view user profiles. Attackers may access the following information on Facebook:

1. Name and address
2. Phone number and email address
3. Educational data
4. Professional details
5. Friends
6. Interests and hobbies
7. Photo and videos

 

User can customize privacy and data visibility. To keep your Facebook account safe and secure from any undesirable activity, appropriate option in under settings must be configrure.

 

Twitter Security

Twitter is an online social networking and micro-blogging site used to send and receive messages called tweets. Tweets are short messages restricted to 140 characters and appear on the user’s profile page. Tweets can be posted by registered users; however, unregistered users can only read them. Sender can keep the tweets private as well and can go only to their list of friends. Users can subscribe to tweets from others, this is called following and subscribers are called followers.

Twitter allows users to share photos, videos, follow others, tag their followers and create hash tags for events. You can advise others, share news, concerns, opinions, facts, etc. This information is available publicly.

Twitter’s popularity is increasing day by day. There are 317 million monthly active Twitter users and 500 million tweets are sent per day. These facts indicate that users share huge amount of information through this online platform, attracting attackers to harm users.

An attacker may obtain the following information about a Twitter user:

• Personal information
• Friends information
• Number of followers
• Photos uploaded
• People following

 

Instagram Security

Launched in 2010, Instagram has rapidly grown to become the most popular visual social media platform. It is used by millions of users for sharing real-time photos and short videos about food, travel, fashion, art, etc. Instagram provides several unique filters along with video and photo editing features. The users can quickly apply a filter to give the photo a unique look.

The Instagram app, which is owned by Facebook, is primarily designed for mobile devices, but it can be accessed from web browsers as well. Instagram incorporates strict rules for banning inappropriate content including nudity and other types of offensive posts. Like most other social networking sites, the user must be at least 13 years old to create an account on Instagram.