by Rik Ferguson
Of course we all know that Father Christmas is out there, with his happy elves, keeping tabs on us throughout the year. In fact every year a considerable part of my time each day is spent going through my activities and making sure that nothing I have done will mean that I end up on Santa’s naughty list. I have to say, so far I appear to be doing quite well and each year, for all these years, there’s been a little something under the tree for me as well.
Unfortunately it’s not only Santa and his elves who are collecting your information there are plenty would use it for more nefarious ends. Maybe it’s worth clicking here to find out exactly what Santa knows about you…
There are several entry points available for cybercriminals into the interactive playground of social networking; fake or compromised profiles, malicious applications, malvertisements, cybersquatting, spam and phish masquerading as legitimate notifications from social networks, exploitation of vulnerabilities and direct messages just for starters. Victims are at risk of identity theft, fraud, infection or simply of becoming an attack platform to infect or defraud their own friends and colleagues.
The one thing that all of these attacks have in common though is the very thing that binds social networks together: trust. Because the attacks, messages and links come from friends or colleagues, they appear far more credible than the average Spam email from a stranger. Even the Koobface worm with its almost textbook standard Spam messages such as “You are veryy ggood at pposing to a spy cameera!” becomes that little bit more credible when it comes from someone you know.
Most of us are guilty of being far too trusting and far too free with our personal information online, we give away little snippets (or great chunks in some cases) of our personal lives in what is essentially a public forum, making the work of criminals such as carders and ID fraudsters far more simple. In fact I have seen social networking sites spoken about in underground carding forums as a “free date of birth look-up service” along with a wealth of tips on how best to exploit these kinds of platforms.
We need to become far more aware of the value of our personal information and importantly the information we have about our friends. We also need to become far more conversant with the privacy controls available on social and professional networking sites and actually use them. There is no need to fill out that questionnaire “25 Things About Me” and post it on your profile, there is no need to share your entire employment, educational or address history. There is no need to share your “Porn Star Name” (first name = name of your first pet, family name = mother’s maiden name), isn’t that exactly the kind of information needed to reset your email account password, or access your financial data?
When your personal information becomes public it is out of your control and soon out of sight. Criminals can and do use this stuff to break into your online accounts, just ask Scarlett Johansson, Jennifer Lawrence and many others.
- Next time, before you hit “Post”, ask yourself this “If a stranger called me on the telephone asking for this information, would I tell them?” If the answer is “No”, then step away from the mouse.
- Make sure you always pay attention to the permissions you grant to third party apps that you integrate into your social and mobile life.
- Ensure that you are the only person who can answer your password reset questions and that those answers are never shared on social networks.
- If you’re lucky enough to have kids of your own, then make sure you pass on the benefit of your online wisdom, after all, you wouldn’t send them out to cross the street alone without explaining the risks.