Profuse recounting of details from your life
via social media may come at a price
Ours is a sharing era. Social networking
sites have opened up new ways of sharing all kinds of private information, so
much so that the divulgation of a variety of personal details on the internet
has become second nature to many users. However, the more information you pour
into the online world, the more at risk you are to spilling information that
may put you in attackers’ sights.
To be sure, the urge to share is nothing new.
This behavior reflects and harnesses a strong human desire to connect with
others, which runs deep in our evolutionary past. Arguably, then, the trouble
does not lie so much with digital sharing per se. Rather, it boils down to what
kind of information we share and, even more strikingly, who can access
it.
Many users are oblivious to the risks to
which they may expose themselves to by sharing personal, if seemingly
innocuous, information on social platforms. The same goes for applying little
to no restrictions on who can see their activities on networking sites. In
addition, social media users tend to use more than one such channel. As a
result, attackers can build a fairly rich profile of their target by piecing
together information gleaned from the target’s profiles and activities on
various networking sites.
Oversaturated with personal information,
social media networks have become perfect hunting grounds for malefactors.
Having used such a site or sites as a reconnaissance tool, attackers can send
you a targeted
message that entices you into visiting a bogus website that looks and feels
much like the legitimate one in order to steal your credentials and money. Or
they can manipulate you into opening a malware-laced attachment acting as a dropper
for other malware that can then go on to do all sorts of things, including exfiltrating
data or recording
keystrokes.
Such missives can be highly tailored and can
evoke the impression of being sent from a friend or co-worker. It is little
wonder, then, that they have proven to be more successful than spray-and-pray
tactics.
Blurring the picture further, the concept of
networking that lies at the heart of social platforms contributes to a
decreased sense of caution. Many people let their guard down and are more likely,
for example, to click malicious links sent via social media than those received
in an email.
To be sure, social engineering techniques predate the advent of online
social platforms. However, with online networking, they have taken on whole new
vigor and opened up new avenues for identity theft, online fraud, and other
crimes.
Human-factor precautions
What are some of the measures you can take to
counter risks stemming from digital (over)sharing?
To start off, you may want to review
regularly and make the best use of the privacy settings available on your
social network(s) of choice. Importantly, whenever possible, you are well
advised to limit the circle of people who can see what you’re up to.
Notwithstanding such restrictions, however,
there is still some risk that your private information can be exposed to prying
eyes. In fact, as soon as you post something, you have no control over what
others do with it.
With that in mind, you may want to limit
information that you post or upload, especially the kind of information that
could make you vulnerable. It’s safer not to post anything that you wouldn’t
want the public to see. Put yourself in the attackers’ shoes: could the
information you divulge help them hurt you? If so, you may not want to share
it.
Beware suspicious or too-good-to-be-true messages and links. That applies even
if the message appears to come from one of your friends, as that could well
come from an attacker after he has broken into your friend’s account.
Ne’er-do-wells know too well that the more credibility they can provide for
their shenanigans, the juicier the rewards.
Also, be skeptical of strangers wanting to be
your online friends. Ideally, accept only friendship or connection requests
from people you know in real life. The internet is rife with fraudsters intent on bilking money out of you via all
manner of ploys. Or they can simply burglarize your home in an old-fashioned
style after you tell the world about your vacation, leaving your abode empty
and ripe for the picking.
At heart, this all is a human vs. human
problem, which highlights how this can be countered – by being more
security-aware. “On the Internet, nobody knows you’re a dog”, as the adage
that captures the spirit of online privacy and anonymity goes. We were made to
be social, but let’s socialize responsibly.