Remember last summer when Google CEO Eric Schmidt caused an uproar by suggesting that young people might want to change their identities to escape the past that they had overshared on the Internet? “I don’t believe society understands what happens when everything is available, knowable and recorded by everyone all the time,” Schmidt told The Wall Street Journal.
For the hundreds of millions of people of all ages who use social media, Schmidt’s warning is even more apt today than it was a year ago. The explosive growth of social networks has transformed hackers – once the classic outsiders – into armchair insiders. Now hackers can mingle with their targets. Facebook, Twitter, LinkedIn and MySpace have created a never ending supply of victims who are available 24/7.
How Victims Ended up Naked on Facebook
Case in point: In June, a 24-year-old Florida man was arrested for breaking into women’s web mail accounts in search of explicit photos to post on the Internet. How did he do it? According to IDG News Service, it was a classic phishing scam. The man got his victims’ email addresses from their Facebook pages. Then he sent them phony electronic greeting cards asking for the log-in information for their web mail accounts. Once the hacker got the women’s passwords, he rifled through their mailboxes looking for nude photos they’d sent to their boyfriends or fiancées. Then he posted those photos to their Facebook accounts for all their friends and family members to see. Police identified 22 victims in their early 20s.
Cybercriminals Use Online Data Mining to Create Victim Profiles
Think you’re safe from crimes like that if you shun technology? Think again. The fact is, in the Internet Age, almost no one is anonymous. Hackers can utilize open source intelligence gathering tools like Google to locate everything from your home address, phone number and email address to details about your work, your hobbies and your friends. School websites provide information about your academic career. Genealogy sites offer up your birthdate and details about your family.
Hackers use that information to commit all kinds of scams. But it’s social media sites that have increased their attack vector beyond their wildest dreams. Where else would millions of people post personal information they wouldn’t think of revealing to strangers?
Hackers Exploit the Human Factor: Friendly Persuasion
What do cybercriminals do with all this information? After a hacker has identified his target’s family and friends from their profiles, he finds out which ones aren’t using social networking sites. Then the hacker assumes their identities by creating fake profiles. That’s how he gets his target to accept him as a friend. Young people are especially at risk of falling for this scam because they often overshare information about themselves on social networks.
Hack attacks on social networks are insidious because most people don’t have their guard up when they use them. They incorrectly assume that anything sent by a “friend” is safe. Two classic examples: You get a message from a friend with a photo attached that she wants you to see. Or a post from a Twitter account with a link to a third party app. If you click on them, the hacker can grab your sign-in information and use malware you’ve unknowingly downloaded to turn your computer into a zombie that’s part of his botnet.
Facebook and Twitter have well over 100 connections per user which provides a vast laboratory for cybercriminals to refine their hacking techniques. As a result, malware, phishing and spam attacks on social networking sites nearly doubled between 2009 and 2010, according to a report by the security firm Sophos.
According to a 2011 survey by Harris Interactive done for ID Analytics, 24 million U.S. adults still keep their social media profiles mostly open to anyone. That means they’re easy targets for data mining. The survey also found that nearly thirteen million adults using social networking sites will accept any connection request from a member of the opposite sex, whether or not that person is a stranger. Is that scary or what?
Remember, in cyberspace there’s a fine line between staying connected and getting hacked. Here’s how you can protect your online security and social networks to avoid becoming a victim:
- Make sure your firewall is turned on and your virus and malware protection are up to date. Do frequent scans.
- Don’t allow your children to use social networking sites without supervision. Make sure they understand the dangers of revealing sensitive information online.
- Don’t accept any “friend” requests from people you don’t know.
- Don’t fall for phishing scams. Think before you click on links you don’t recognize.
- Avoid posting information about your home, your children, your birthdate, your pet’s name, your vacation plans and anything else that could be used by cybercriminals.
- Check the address bar of every social network site you use to make sure you’re on the real one, not a fake designed to steal your password.
- Don’t use the real answers to security questions like your mother’s maiden name, your pet’s name or where you went to high school.
- Use complex passwords composed of letters, numbers and characters. Don’t use the same ones for every site.
- Do not accept default security settings on social networking sites.
- Don’t access social networks on your employer’s computers. That could give hackers a way to steal sensitive business information.
- Check your social network’s policy about sharing information with third party companies when you install an app.
- Make sure you use a virtual private network connection (VPN) like PRIVATE WiFi™. PRIVATE WiFi protects your online security when you are on public wifi by encrypting the data sent to and from your computer. That makes it invisible to hackers.
Have you been a victim of social engineering on a social networking site? If so, we’d like to hear what happened to you. Drop us a line and tell us your story.