by Senior Editor

Social networking security: 4 reasons why Facebook and vanity don’t mix

Mar 14, 2011 · 7 mins
Cybercrime, Data and Information Security, Facebook

My colleague, Bill Brenner, has a t-shirt he likes to wear that basically says social networking feeds the darker sides of human nature. The shirt is a parody of a Venn diagram and shows the relationship between sites like Facebook and Twitter and what some might call undesirable character traits, such as ADHD, stalking and narcissism.

Now there is research to back up what the shirt says. A study published this month in the journal Cyberpsychology, Behavior and Social Networking finds women who base their self-worth on their appearance tend to share more photos online and maintain larger networks on online social networking sites. Researchers say the results reveal women identify more strongly with their image and appearance, and use Facebook as a platform to compete for attention.

We all want to put our best foot forward on social networks, but there are some things done in the name of vanity that can actually get you into trouble. Here’s a rundown of how certain self-centered behaviors can leave you vulnerable to crime.

Posting too many pictures

The aforementioned study highlights what most Facebook members already know: Facebook is a forum where most users seek to showcase the best of themselves. For many, that means photos of you looking great, or in glamorous situations (think on vacation, or posing with many people at a party).

Why is this risky behavior? Because the more information you put out there, the easier it is to target you, particularly if the criminal already knows what you look like.

Last month, a California man pleaded guilty to charges of blackmailing a young girl to send him pornographic images of herself after contacting her on Facebook. James Dale Brown somehow got a hold of sexually explicit photos of the girl and used Facebook to find her and demand she send him a video of her having sex. Brown used the alias ‘Bob Lewis’ on Facebook and eventually sent links to an explicit image of the girl to one of the victim’s ‘friends.’

And in January, another California man, George Bronk, admitted to breaking into e-mail accounts to find explicit photos of women. Bronk said he used Facebook to learn answers to the security questions that many e-mail services, such as Yahoo and Gmail, use to reset passwords and compromised the accounts using that information.

Facebook photos are also the reason why some people get fired from their jobs. A recent survey from email security firm Proofpoint finds seven percent of organizations have fired an employee because of activity on social media sites, such as questionable photos that show the user in a less-than-desirable light.

Sharing too much information

It was last year around this time that the Dutch web site developers who created made headlines. The site aggregated the Twitter feeds of people who play Foursquare, a location-sharing application that allows users to “check in” from their various geographic whereabouts as part of a game where they earn badges for reaching certain milestones. Pleaserobme pointed out that in doing this, users were also publicly broadcasting that their home is likely unattended and a good “opportunity” (as the site termed it) for thieves.

The site has since been disabled as the creators said their point was made and mission accomplished. But clearly people are still posting their location using Foursquare, as the site boasts about 6 million users. And there have been recent instances of criminals using the pleaserobme mentality to target empty homes. Three men in New Hampshire were arrested last year on charges of burglary after breaking into homes they knew were unattended. The crooks admitted to using Facebook to find targets.

Having too many friends

Having a lot of friends means you are really popular, right? Doubtful. Security experts say having a lot of friends means you’ll friend, and accept friend requests from, anyone and aren’t very discriminating about your network.

While having a big friends number may make you feel good about yourself, it puts you in some danger. Security firm Sophos conducted a Facebook ID probe last year and created a fabricated Facebook profile before sending out friend requests to individuals chosen at random from across the globe. To conduct the experiment, Sophos set up a profile page for ‘Freddi Staur’ (an anagram of ‘ID Fraudster’), a small green plastic frog who divulged minimal personal information about himself. Sophos then sent out 200 friend requests to observe how many people would respond, and how much personal information could be gleaned from the respondents. The experiment revealed that 82 users, or 41 percent, were willing to divulge personal information, such as email address, date of birth and phone number, to a complete stranger.

This is especially risky if your job gives you access to a VIP or valuable data. Security researchers are noting more attacks that involve criminals who cyberstalk potential victims. The bad guys watch your activity to see what you say, and then use it in an attack.

“There is definitely another network of crime where they are taking time, and closely watching in order to pull off certain things,” said Sophos’ security advisor Chester Wisniewski.

Additionally, so-called “friend collectors,” who typically have 2,500 friends or more, are considered soft targets by spammers who are more likely to friend them knowing they will be accepted and will then have access to thousands of potential spam victims.

Bragging too much

Of course you’re really proud of your promotion or the award you received at work. But you may want to think it over before you post too much information about it in your status update or broadcast it to everyone who follows you on Twitter. According to attorney Pria Chetty, founder of Chetty Law, a recent global survey finds that the unauthorized disclosure of trade secrets by employees is among the top five intellectual property risks on social networks.

“This refers to the risk of employees who are not bound to appropriate internal policies sharing confidential information or trade secrets (formulas, know how) to their contacts through social media,” Chetty said in a recent post.

But disclosure of private information isn’t always intentional. Often it is leaked by a well-intentioned employee who simply wants to share with social networking friends.

As Sophos’ Wisniewski points out, even posting information on LinkedIn, generally seen as the lowest-risk social network, still poses a reasonable amount of risk.

“For someone looking for information about your organization or looking for targeted bits about your company it’s fantastic,” he said. “I can go and search for your company name and three-quarters of your employees probably have profiles that tell me exactly what they do, what their position is. I can learn a lot about the company and, if I wanted to, I can then take on a social engineering attack and use that LinkedIn information for my attack through Facebook or email.”