“You are the weakest link in cyber security and hackers and social manipulators know it.” – U.S. Department of Justice, Federal Bureau of Investigation
On April 21, 2013, a minimum of three CBS-affiliated social media news feeds were compromised and suspended after hackers posted anti-government messages.
While one would think the ability to break into a Twitter account could only be done by a “professional hacker,” in reality, it could be quite simply for the everyday hacker to break through-all it takes is a little bit of research, simple user error and social engineering.
The FBI indicates there are two tactics used to exploit online social networks: computer savvy hackers that write code to gain access, and social or human hackers who specialize in exploiting personal connections through social networks.
While many of us engage on multiple social networks, there are security risks that you need to be aware of and protecting yourself from a potential breach. Surprisingly, the best piece of advice from these experts is for you to stop talking so much about you.
According to a report by Brad Dinerman, president of Fieldbrook Solutions, LLC, Microsoft MVP in Enterprise Security and Certified SonicWall Security Administrator, for GFI Software, he reveals security risks at the top social networks, Facebook and Twitter.
Facebook
Facebook, Dinerman states, is the most casual and offers the most updated personal information-easily putting you at risk.
He relays a story about a Facebook friend that sent him a link to a common type of game/surveys found on social network sites, “Twenty things you didn’t know about me”-seems harmless right? Dinerman cautions against these type of information games and states while it came from an innocent source, in fact you are telling people some of your secrets that could lead to identifying personal information-information that you might have used for a password. Questions such as “What was the name of your best friend in high school?” “What is your favorite pet’s name?” or “Where were you born?” are just the type of password recovery questions that are used on various websites.
“Providing the personal information asked in these Facebook questionnaires, you may unwittingly be providing an easy channel for identity theft. Is it worth compromising your online bank account for the bit of amusement that Facebook provides? Probably not. If you still want to have fun with these questionnaires, then by all means do so. But be very careful about the type of information that you provide and how that information could be used if it fell into the wrong hands.” Dinerman stated.
He also cautions about putting too much personal information on your Facebook page (job, birth date, photos, group memberships) and modifying who can see that information. One security tactic is to simply switch your settings for those who can see your personal information from “Friends of Friends,” to “Friends Only.” Reason being is that you honestly don’t know who is a “Friend of a Friend” and who could be out to obtain personal information.
Twitter
When you tweet out information it is in fact public and it’s important to be diligent in disclosing too much that can help someone build a profile.
Dinerman also stated that shortened URLs is another method to lure users to a site that might contain drive-by malware or trick someone into providing information. If you do see a shortened URL, make sure that the link is connected to a trusted source. If you want to know the exact location of the URL, Dinerman suggests to “consider obtaining a third-party browser or mail client add-on that will reveal the URLs’ full path so that you know where your browser is actually directing you. Examples of websites or software that will perform this task can be found at longurl.org and longurlplease.com.”
Other IT sources also suggest to choose the option to associate your mobile phone with your twitter account in order to receive alerts about password changes.
In a previous AZ Tech Beat article “Cybersecurity- How to Protect Yourself from Phisherman” by contributing author Kyle Debruhl, experts explain how simple user error opens the doors for hackers, phishing scams and social engineers to invade your personal accounts.
The FBI also offers additional tips to staying secure online:
- Avoid accessing your personal accounts from public computers or through public WIFI spots
- Do not provide information about yourself that will allow others to answer your security questions-such as when using “I forgot my password” feature
- Limit personal information you share such as job titles, locations, likes and dislikes or names and details of family members, friends and co-workers
- Do not store any information you wish to keep secure on a device connected to the internet
- Always use high security settings on social networking sites, and monitor what others are posting about you on their online discussions.
- Verify those who you interact with over the internet or social networking sites
Resources
www.lookstogoodtobetrue.com
www.OnGuardOnline.com
www.us-cert.gov
www.fbi.gov