Social networking is one of the most advanced forms of communication; it has changed the way we interact with friends and associates. Enterprises use it to engage with customers, build their brands and communicate information to the rest of the world.
The social network phenomenon was born in the USA and developed around three main categories: professional links, friendship and love relations.
With hundreds of millions of users online, these tools not only attract friends and family wanting to stay in touch, but they also attract people wanting to know about you for the wrong reasons.
Because of their large user base and the large amount of information they hold, social networks become a potential channel for attackers to exploit. Many social networking sites try to prevent this exploitation, but many attackers are still able to overcome those security countermeasures by using different techniques.
Social network users may not be aware of such threats.
Here we will discuss different privacy and security issues in online social networks. The issues include privacy issues, identity theft, social network spam, social network malware, and physical threats.
In many social networking sites, users use their real names to represent their accounts. So, their identity is exposed publicly to other social network users, as well as everyone else in the online world. Also, a social network user’s account can be indexed by search engines and usually appears near the top of the search results. In this case, if attackers know the name of the victims, they can easily search for a victim’s profile, or they can search through social networking sites to find new victims.
Apart from the simple use of a real name as the account name, there are also other techniques that can be used to strip a social network user’s anonymity. The two methods that will be discussed are the de-anonymization attack and the neighborhood attack.
Identity Theft Issues
Identity theft is the act of stealing someone’s identity or sensitive information, and then pretending to be that person, or using that identity in a malicious way. Social networks are promising targets that attract attackers since they contain a huge amount of user information. One technique of identity theft is profile cloning. In this technique, attackers take advantage of the trust among friends, and of the fact that people are not careful when they accept friend requests. Social phishing is another method that can be used to steal a social network user’s identity.
A traditional spam attack over email may not be efficient, since attackers randomly generate the email addresses, or crawl different public sites to look for email addresses. A lot of this spam might not reach the victims. Also, if the spam reaches the victims, there is a high chance that they will just delete it, since most victims are well aware of spam. Social networks introduce a new way of making spam attacks more successful. In this section, we will discuss spam attacks on social networking sites, email spam attacks that make use of social network information, and lastly, HTTP hijacking that helps make spamming more successful.
Since the main concept of social networks relies upon relationships among users within the system, malware can easily spread through this interconnection. Moreover, many social networking websites still lack mechanisms to determine whether URLs or embedded links are malicious or not. Hence, attackers can exploit this flaw. A malicious link can redirect victims to malicious websites, which then send malicious code to the victim’s computer to steal information, or to use the victim’s computer to attack others.
Twitter worm is the general term used for worms that spread through Twitter.
Profile Spy worm: This worm spreads by tweeting a link for downloading a third-party application called “Profile Spy” (a fake application that is said to allow account owners to find out who has viewed their profiles). In order to download the application, users need to fill in some personal information, which allows the attacker to obtain the user’s information. Once a victim’s account is infected, it will keep tweeting malicious messages to their followers.
Goo.gl worm: This worm uses a shortened Google URL to trick users into clicking the link. The fake link will redirect users to a fake anti-virus website. The website will pop up a warning saying that the user’s computer is infected, and prompt users to download its fake anti-virus software, which is actually malicious code.
Koobface is a worm that spreads across social networking websites such as Facebook and MySpace. This type of worm spreads through messages sent between friends on the social networking sites. The message usually contains a video link that entices social network users to click on it. When users follow the link and try to play the video, they will get a message asking them to update to a newer version of Flash Player. Once the users install the plugin, their computers will get infected.
Physical threats are another issue that social network users need to be concerned about. A physical threat is physical harm to a person, or to a person’s property, such as theft, stalking, blackmailing, or physical harassment. With the characteristics and features provided by social networking websites, social network users are at risk of such threats.
So what can you do to protect yourself?
You don’t have to delete all your social profiles or hide from the real world. Just take these precautions.
- Have a strong password. The stronger your password, the harder it is to guess. Use special characters like symbols and capital letters when creating your password. Also, don’t use “common” passwords, like your birthday or your child’s name.
- Be careful with your status updates. Often, we innocently post status updates that would give an identity thief information they need to steal our identity.
For example, you may post “Happy birthday to my mother!” and then tag her in the post. Likely, your mother’s maiden name will be associated with that tag now. A popular security question is “What is your mother’s maiden name?” and if you share that online, you run the risk of identity thieves getting the answer to this commonly used question.
- Don’t reveal your location. You can use a fake location or make one up from another city and state. You may even be able to leave this information blank. Be cautious and never use a city and state where you live.
- Hover over the link. If you hover over a link without clicking, you’ll see the full URL in the lower corner of your browser. If this is a website you recognize, go ahead and click.
- Try a link scanner. A link scanner is a website that lets you enter the URL of a link you suspect might be malicious to check it for safety. Try URLVoid or MyWOT as possible options.
- Check shortened links. A shortened link is popular on sites like Twitter where character length matters. Some shortened link sites include bit.ly, Ow.ly, and TinyURL. Use a service like Sucuri to determine if the real link is secure.
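The three link tips above can be turned into a small offline check. This is an added example, not part of the original article: the function name `triage_link`, the `trusted_hosts` parameter, the finding labels and the sample links are all assumptions made for illustration. It goes a little beyond the tips by also flagging raw IP hosts, encoded international names and text placed before an "@", which are the cases where the URL shown on hover is easy to misread.

```python
import ipaddress
from urllib.parse import urlsplit

# Shortener hosts for the services the article names (assumed host spellings).
SHORTENERS = {"bit.ly", "ow.ly", "tinyurl.com", "goo.gl"}


def triage_link(url, trusted_hosts):
    """Return (host, findings) for one link. Makes no network request.

    Hypothetical helper: the name and finding labels are this example's own.
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "", ["unparseable"]
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https") or not host:
        return host, ["not-a-web-link"]
    findings = []
    # Text before "@" is a login name, not the site: the real host comes after it.
    if parts.username is not None:
        findings.append("userinfo-before-host")
    try:
        ipaddress.ip_address(host)
        findings.append("raw-ip-host")
    except ValueError:
        pass
    # "xn--" labels are encoded international names that can imitate Latin letters.
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode-host")
    if host in SHORTENERS:
        findings.append("shortened")  # destination hidden: expand it first
    elif not any(host == t or host.endswith("." + t) for t in trusted_hosts):
        # Match the END of the host; a familiar name at the start proves nothing.
        findings.append("unrecognized-host")
    return host, findings


if __name__ == "__main__":
    # Constructed sample links; .example and 203.0.113.0/24 are reserved for docs.
    samples = [
        "https://www.facebook.com/photo",
        "https://goo.gl/abc123",
        "https://facebook.com.video-update.example/flash",
        "http://facebook.com@203.0.113.7/video",
    ]
    for link in samples:
        print(link, "->", triage_link(link, {"facebook.com", "twitter.com"}))
```

An empty findings list only means the host matched a site you listed as trusted; a link flagged `shortened` still needs to be expanded with a scanner before it is opened.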
When you go on vacation
- Avoid posting specific travel plans. Never post when, where, or how long you’ll be gone.
- Wait until you are home to post pictures to a vacation album.
- Use the highest privacy controls. Only let certain groups, like a family group, view your photos.
- Be selective with the status updates. You can use an audience-selector dropdown menu on Facebook to choose certain groups to see your status updates.
- Stay offline. You’re on vacation, after all. Relax and forget about the online world for a few days.
To keep yourself and your information safe, pay careful attention to your online activity. Avoid posting information including:
- Travel plans
- Bank account information
- Your full address and birthdate
- Your children’s names, school, and birthdates
- Location information, such as the name of your workplace
- Your daily schedule
Social networking sites have become a potential target for attackers due to the availability of sensitive information, as well as their large user base. Therefore, privacy and security issues in online social networks are increasing.
You can still use social networks for all they were meant to accomplish, but you need to take extra precautions to make sure your personal information doesn’t get into the wrong hands. Know what threats you are most vulnerable to and take steps to protect yourself and your networks.