The Dark Side of Social Networking
If you are not already engaging in social networking, statistics indicate you will be soon. Visits to social networking sites now account for 10% of the total time people spend on the Internet, according to Nielsen Online. Two-thirds of Internet users in the U.S., Europe, Brazil and Australia visit social networking or blogging sites. Internet users total almost 156 million in the U.S. alone. Add in over 29 million in the United Kingdom and over 25 million in Brazil, and the numbers are just too large for the Bad Guys to ignore.
Ordinary Internet users have fallen in love with social networking. While the amount of time users spent on MySpace decreased from April 2008 to April 2009, the use of Facebook increased by 700% and of Twitter by 3,700% during the same period. Cybercriminals love social networking sites, too, because the sites have to remain easily accessible in order to grow their memberships. That means social networkers are in effect attending an open party where just about everybody is welcome, and who knows if anybody is watching the door.
The openness of these sites is an invitation to the Dark Side. No email verification is required, for example, when new users set up a Twitter account. It's hard to imagine an easier system in which to create counterfeit accounts. Social networking sites rely on a username and a password for security, which means that anyone who finds out your username and password can gain access to your account, assume your online identity, use it mischievously or maliciously, and leave you with little, if any, control over the situation. Until social networking site security evolves with time and improves by necessity, here are 12 Tips for Safer Social Networking.
- Think about how a social networking site works before deciding to join it. Some will allow only a defined community of users to access posted content; others allow anyone and everyone to view postings. Don't join any social network that asks you to share your address book or contacts.
- Always think before you click. Be wary of visiting the blog or webpage of other members because that other "member" may be a scammer, whose blog or webpage has been rigged to deliver a drive-by download of malware to your computer. If you think you have clicked on the wrong thing, contact your local computer support staff, your Internet Service Provider, or a computer consultant knowledgeable about security.
- Don't click on shortened (or "condensed") URLs, like those created by TinyURL and Bit.ly. There's no telling where these links lead, and that makes it easy to funnel you to malicious websites. Watch out for "misspelled" links, like www.yuotube.com. It could be a typo or a trick.
- Keep control over the information you post. Consider restricting access to your page or postings to a select group of people, like friends, members of your team, your community groups, or your family.
- Keep your information to yourself. Don't post your full name, or any personal information about yourself or about anyone else. Be cautious about posting information that could be used to identify you or locate you offline, such as where you work or work out.
- Make sure your screen name doesn't say too much about you. Don't use your name, your age, or your hometown. Even if you think your screen name makes you anonymous, it doesn't take a genius to combine clues and figure out who you are and where you can be found.
- Post only information that you are comfortable with others seeing - and knowing - about you. Many people will see your page or postings, including the people who will be interviewing you for a job five years from now.
- Remember that once you post information online, you can't take it back. Even if you delete the information from a site, older versions are stored on other people's computers and may be archived for years by Web search services.
- Think hard before posting your photo. It can be altered and broadcast in ways you may not be happy about. If you do post one, ask yourself whether it's one you'd include in your professional resume. Posting pictures of children invites exploitation and could expose them to real-world danger.
- Flirting with strangers online could have serious consequences. Some people lie about who they are; you never really know whom you're dealing with.
- Be wary if a new online friend wants to meet you in person. Do some research about them. If you decide to meet them, be smart about it: meet in a public place, during the day, accompanied by friends you trust.
- Trust your gut if you have suspicions. If you feel threatened by someone or uncomfortable because of something online, report it to the police and to the operators of the social networking site. You could end up preventing someone else from becoming a victim.
This information was in SANS Ouch Vol. 6 No. 7