Ours is a sharing era. Social networking sites have opened up new ways of sharing all kinds of private information, so much so that divulging a variety of personal details on the internet has become second nature to many users. However, the more information you pour into the online world, the greater the risk of spilling information that may put you in attackers’ sights.
To be sure, the urge to share is nothing new. This behavior reflects and harnesses a strong human desire to connect with others, which runs deep in our evolutionary past. Arguably, then, the trouble does not lie so much with digital sharing per se. Rather, it boils down to what kind of information we share and, even more strikingly, who can access it.
Many users are oblivious to the risks to which they may expose themselves by sharing personal, if seemingly innocuous, information on social platforms. The same goes for applying little to no restrictions on who can see their activities on networking sites. In addition, social media users tend to use more than one such channel. As a result, attackers can build a fairly rich profile of their target by piecing together information gleaned from the target’s profiles and activities on various networking sites.
Oversaturated with personal information, social media networks have become perfect hunting grounds for malefactors. Having used such a site or sites as a reconnaissance tool, attackers can send you a targeted message that entices you into visiting a bogus website that looks and feels much like the legitimate one in order to steal your credentials and money. Or they can manipulate you into opening a malware-laced attachment, which acts as a dropper for other malware that can then go on to do all sorts of things, including exfiltrating data or recording keystrokes.
Such missives can be highly tailored and can evoke the impression of being sent from a friend or co-worker. It is little wonder, then, that they have proven to be more successful than spray-and-pray tactics.
Blurring the picture further, the concept of networking that lies at the heart of social platforms contributes to a decreased sense of caution. Many people let their guard down and are more likely, for example, to click malicious links sent via social media than those received in an email.
To be sure, social engineering techniques predate the advent of online social platforms. However, with online networking, they have taken on whole new vigor and opened up new avenues for identity theft, online fraud, and other crimes.
What are some of the measures you can take to counter risks stemming from digital (over)sharing?
To start off, you may want to regularly review and make the best use of the privacy settings available on your social network(s) of choice. Importantly, whenever possible, you are well-advised to limit the circle of people who can see what you’re up to.
Notwithstanding such restrictions, however, there is still some risk that your private information can be exposed to prying eyes. In fact, as soon as you post something, you have no control over what others do with it.
With that in mind, you may want to limit information that you post or upload, especially the kind of information that could make you vulnerable. It’s safer not to post anything that you wouldn’t want the public to see. Put yourself in the attackers’ shoes: could the information you divulge help them hurt you? If so, you may not want to share it.
Beware of suspicious or too-good-to-be-true messages and links. That applies even if the message appears to come from one of your friends, as it could well come from an attacker who has broken into your friend’s account. Ne’er-do-wells know all too well that the more credibility they can provide for their shenanigans, the juicier the rewards.
Also, be skeptical of strangers wanting to be your online friends. Ideally, accept friendship or connection requests only from people you know in real life. The internet is rife with fraudsters intent on bilking money out of you via all manner of ploys. Or they can simply burglarize your home in an old-fashioned style after you tell the world about your vacation, leaving your abode empty and ripe for the picking.
At heart, this is all a human vs. human problem, which highlights how it can be countered: by being more security-aware. “On the Internet, nobody knows you’re a dog,” as the adage that captures the spirit of online privacy and anonymity goes. We were made to be social, but let’s socialize responsibly.
Tomáš Foltýn, We Live Security (ESET Blog)