Safe Social Networking
Always think about the way posted information on social media sites might enable identity theft, home burglary and social engineering attacks. Consider how your behavior on social media sites might affect your employer.
Social technologies introduce a number of threats, but below are the top four:
- Mobile apps: There’s no guarantee that mobile apps are free of bugs or malware. Mobile malware is capable of obtaining any and all permissions on the infected device, sending SMS messages to premium phone numbers, stealing online banking credentials & downloading other malicious code without the user’s knowledge.
- Social Engineering: Social media has taken this threat to a new level. People are more willing than ever to share personal information about themselves online, and social media platforms encourage a dangerous level of assumed trust.
- Social Networking Sites: Sometimes hackers go right to the source, injecting malicious code into a social networking site, including inside advertisements, shortened URLs, and via third-party apps.
- Users: It’s imperative that users understand how to safely navigate the internet.
To protect yourself, your family and your financial information, apply the following best practices to all your social networking accounts and activities.
When setting up your social networking account:
- Choose a strong password. Make it longer than eight characters, include a variety of letters, numbers, and symbols, and change it regularly. Make sure you use different passwords for each of your online accounts.
- Never save passwords in your browser. Browsers often ask if you’d like to save your password for easy access (so you don’t have to enter it on your next visit). Never ever save your passwords on your computer.
- Never post information in your profile (or elsewhere) that could be used to confirm your identity. This includes home address, birth date, phone number, etc. An individual’s DOB and state of birth are enough to guess a SSN with great accuracy.
- Turn off the bells & whistles. Disable options, then open them one by one.
- Set up login alerts. To help protect your account, request an email from the site should someone try to login from an IP address other than yours.
- Use your privacy settings to control who gets to see your posts and profile.
- Turn off applications such as games & quizzes. If you choose to add applications, ensure you understand and control how much information you share with the application.
- Enable secure browsing, or HTTPS when using social media sites from unsecured public networks such as those in airports, cafes or hotels. This encrypts the information you send and receive. (Look in the site’s security settings)
- Get tips and advice on how to avoid threats from the site’s security/privacy page.
When engaging on social networking sites, follow these safety tips:
- Be careful and use your best judgement when accepting friend requests. Only accept request from people you know. Cybercriminals create bogus profiles to propagate malware.
- Show “limited friends” a cut down version of your profile. This can be useful if you have acquaintances to whom you do not wish to give full friend status.
- Remove a connection to a friend that you are no longer comfortable with.
- Block individuals if they are harassing you or if you just don’t want to be visible to them.
- Report abuse. The most efficient way to do this is right where it occurs – in the social media site’s privacy settings.
- Be careful where you click. Make sure to evaluate the potential costs/benefits of pop-ups, applications, and invites.
- Don’t be an early adopter of a new app. Give the community time to discover the security weaknesses before you dive in.
- Avoid suspicious-looking URLs. Make it a habit to mouse over links to identify the source and proceed with caution.
- Never click on unsolicited links containing celebrity gossip, natural disasters, political scandals etc. Scammers quickly build malicious websites designed to trick users into installing malware or sending donations to replicated websites.
- Never copy & paste a link into your address bar unless you know where the link goes. Doing so will bypass you browser’s security controls.
- Never post your whereabouts or your vacation plans. You’re only helping burglars to plan their break-in.
- Never give up your login credentials. Social engineers are equipped with enough information to trick you into believing the request is from a legitimate authority.
- Ask permission before posting someone’s picture or publishing a conversation that was meant to be private.
- Respect the law, including those laws governing defamation, discrimination, harassment and copyright.