Social Media Risks: The Basics
Social media sites unfortunately pose many security risks for the unwary. Here's a guide to avoiding scams of all sorts.
By Joan Goodchild, Senior Editor
February 03, 2010 — CSO —
You may be a champ at Mafia Wars and Farmville, but what do you know about the security risks of social media sites?
The collaboration and sharing made possible by Web 2.0 technologies also bring along a specific set of risks. In Slapped in the Face: Social Networking Dangers Exposed, security researchers Nathan Hamiel and Shawn Moyer explain how attacks are made easy because of the very nature of these sites, where users can upload and exchange pictures, text, music and other types of information with little effort.
"Social networking sites are meant to get as many users in one place as possible on one platform, and for attackers there's a lot of return-on-investment in going after them," Moyer said, describing the climate as a perfect storm of social engineering and bad programming.
In this guide, we outline the many risks posed by social media sites and social networks, and how to keep yourself and others from falling victim to a scam or security hole.
- How common are scams and hacks on social networks?
- What are the most basic risks involved?
- Give me some examples of this type of scam.
- If my company allows employees to use social media and access networking sites, should we have a social media security policy in place?
- New scams and threats pop up all the time. How can employees stay on top of these new concerns?
How common are scams and hacks on social networks?
In 2009, Facebook officials announced they had surpassed 300 million users. Twitter claims to have 6 million unique monthly visitors and 55 million monthly visitors. With that kind of reach, it's not surprising that criminals view these sites as a great venue for finding victims. As a result, security stories about Twitter and Facebook have dominated the headlines in the past 12 months. In one high-profile story from 2009, hackers managed to hijack the Twitter accounts of more than 30 celebrities and organizations, including President Barack Obama and Britney Spears (See: Hackers Hijack Obama's, Britney's Twitter Accounts). Hacked accounts had been used to send malicious messages, many of them offensive. According to Twitter, the accounts were hijacked using the company's own internal support tools.
Twitter has also had problems with worms as well as spammers who open accounts and then post links on popular topics that actually link to porn or other malicious sites. Facebook, too, is regularly chasing down new scams and threats.
Both sites have been criticized for their lack of security, but have made improvements in recent months. Facebook, for example, now has an automated process for detecting issues in Facebook users' accounts that might indicate malware or hacker attempts. The site also recently announced a partnership with security software vendor McAfee aimed at improving security for Facebook users. See: Facebook, McAfee Team on Facebook Security Effort.
What are the most basic risks posed by social media and social networking?
Password sloth is a simple and prevalent mistake by users of social networking sites. As described in Seven Deadly Sins of Social Networking Security, password sloth refers to using the same password on all sites—if that password is discovered via a hack or accidental leak on one site, it provides hackers a way into all the other sites. In a worst case scenario, it might mean a Twitter password hack gives someone the key to your online banking account.
Plain old TMI—too much information. It's a great idea to let your neighbors know you're headed out on vacation so they can keep an eye on your house or apartment. It's NOT a great idea to post those vacation plans on public Internet sites. It's also not a great idea to freely reveal lots of personal details—your birthday, your town of birth, your family tree—as that information can be used for identity theft.