ID Guardian

Social Networks Increase Risks to Online Privacy

Posted by: Matt Hines on October 12, 2009

There’s so much being written and said about the risk to personal privacy posed by online social networks such as Facebook and Twitter that some experts researching the issue are already beginning to say that the implications might not actually be as dire as some reports have implied.

But while the hype cycle of social networking risks may be at an all-time high, it’s hard to argue that the emergence of the Web 2.0 sites and applications hasn’t created a complex new set of privacy concerns that end users need to worry about.

The social networks themselves have already become breeding grounds for many different types of electronic attacks and social engineering schemes with most of those threats aimed at somehow stealing your personal data, infecting your computer or using your online reputation to assail those with whom you’re connected.

And there’s little question that the more personal information we share about ourselves over the Web, and the deeper the virtual relationships we foster, the greater the threat will be that our online personas will somehow be used against us.

Several weeks back I found myself caught up in just such an attack when I clicked on a link in a Twitter message that I’d received from someone on the site with whom I’ve connected. Even with many years covering just these types of attacks, I decided to trust the content I was sent because it appeared to be coming from someone whom I trust and from whom it’s not unusual for me to hear in precisely such a manner.

I shouldn’t have.

The involved link was actually a phishing and malware infection scam meant to get me to hand over my Twitter password, which I did, and then visit a Web site which might have infected my machine with malware, which I did.

When I didn’t arrive at the content that I was expecting when I clicked on the link my stomach sank, as I knew that this wasn’t a good sign. Minimal research turned up that I’d just been caught up in a widespread attack; being someone who is supposed to be knowledgeable about this sort of thing only made me feel twice as foolish for falling for it.

After changing my passwords and running my AV scanners, I reached out to the Twitter contact from whom I’d been sent the initial link and they subsequently realized that their account had been hacked and used to target all of their friends.

I really should have known better than to click on the link, but I let my guard down for just a moment and now there’s a chance that there’s a program waiting on my computer for me to visit an e-banking site to steal my credentials, or to do some shopping so that it can steal my payment card data.

Or maybe my Twitter account will be the next one used to distribute poisoned links, except this time it will be my friends who get nailed.

What chance does the average consumer stand in avoiding these types of threats?

And beyond these direct attacks carried out over URLs including Twitter, Facebook, MySpace and any others, there’s also the issue of personal information exposure to consider.

Before the rise of these sites, if an attacker wanted to know something about you to target you, they might be able to find your name and address and maybe your social security number, but even armed with that information they’d still have to do a lot of legwork to target you in any sort of sophisticated manner.

Now, all an attacker need do is gain access to someone’s Facebook, MySpace or LinkedIn profile – typically available without even signing up for the services – and they can quickly deduce where you live and work, how much money you might make and what you legitimately choose to spend it on. Now just imagine what they can do with all that information.

As with many areas of computer security, it is likely that the individual level of risk being tied to social networking is currently somewhat over-hyped, as the mainstream media has sunk its teeth into the issue and hysteria has snuck into the picture.

However, as attackers gain access to more direct, trusted means of communicating with us, and catalogue-like descriptions of who we are, they’re going to try to make the most of that data.

That’s not to say that we should write off these amazing social networking tools and live in fear of constant cyber attack. As with anything else in life, you simply have to try to be careful.

But with each step we take in enmeshing our daily lives with social technologies our individual privacy is unquestionably diminished.

Now, time to go check my Twitter feed…


15 Comments to "Social Networks Increase Risks to Online Privacy"

1 | Icepick

13 October 2009 ● 8:05 am

Growing pains of a technological and social artifact that we haven’t completely integrated into the fabric of our society yet. I think the net outcome will be a better infrastructure to the technology and people leading lives that are more transparent.

2 | P.C. Haring

13 October 2009 ● 8:13 am

Facebook loves it when you post your information. If you’re of the mind they’ll let you post phone numbers, IM client user names, addresses, e-mail addresses, the works. The one thing that we as users need to remember is that just because there’s an open field, does NOT mean it needs to be filled. But even that isn’t always a deterrent…

I recently got a spam message over my Skype. It was a warning from another ‘user’ telling me that my Windows machine potentially had viruses and malware on it and that I should click their link to download their computer scanning software that detected it remotely through Skype.

One small problem…I was on a Mac.

Fail.

I told the spam bot what it could go do with itself and then promptly blocked it.

In any event, the biggest weapon in this fight is not bigger and badder AV software, but just a bit of common sense. If you get a tweet from a random user soliciting you to ‘visit my site!’, the first place I go is the user’s profile on Twitter. Take a look at their feed. 99% of the time, that tells me exactly what I need to know before I click on their bit.ly redirect. It won’t catch everything, but it’ll sure cut down on the number of Nigerian princes that have your personal information.

3 | Jett G.

13 October 2009 ● 8:14 am

You’ll have to excuse the length of this comment, it is however necessary for me to share with you my experience with the negative side of social networking.

While living in (City A), I was employed for approximately two years with (Company B). It was a relatively simplistic job, and gave me opportunities (though I shouldn’t have taken them) to Tweet about boredom or random frustrations with my boss and my job from time to time. I enjoyed my job, and I looked up to my boss.
A year after I moved to (City B) and attempted to land permanent employment with (Company C), I contacted my boss and requested a letter of recommendation. He refused, telling me that a week after I left the company he received information from an anonymous source, revealing my complaints that I had tweeted, and (I believe) were embellished to make it seem that I despised my job and hated my boss.
I was ultimately “bitten in the rear” for letting my frustrations vent in what I thought was a constructive matter.
Despite being protected, I am now much more careful about what and who I tweet about.
~Jett

4 | Jill Estabroks

13 October 2009 ● 8:32 am

I’ve had two instances in which a friend on Twitter had their account hijacked. In one a DM was sent out inviting me to join his mafia family. In the other it was a DM about a weight loss product. In both cases it did not seem in character for the senders and I did not click on the links. I am a suspicious person in general so I don’t click on links I am not sure about.

5 | Christiana Ellis

13 October 2009 ● 8:34 am

Although I didn’t end up infected with anything, I also witnessed one of these attacks, where someone I follow was hacked and their Twitter name used to send out spam.

It’s a concern, to be sure, but what is the solution beyond the ordinary sorts of things that we do with everything else online? Careful with certain details, changing passwords regularly, etc.?

Maybe we need those authenticators with the automatic cycling passwords?

6 | Phil Rossi

13 October 2009 ● 8:45 am

I’m wary about clicking any links that float about on Twitter. Generally, you can ascertain the legitimacy of a link by the voice that’s delivering it. If the comment with the link seems out of character for the person delivering the content–don’t click…wait and see if there are some follow-up responses. I think a lot of it comes down to common sense. And when in doubt–ask questions. It doesn’t take that much effort to say, “Hey, is that link legit?” or “More details on that link?” Manual authentication.

Cheers,
Phil Rossi

http://www.philrossi.net

7 | John mierau

13 October 2009 ● 8:53 am

Every time society creates something massively beneficial or popular, there are risks which may seem ludicrous in another setting but will be accepted without a second thought in order for folks to enjoy the new advancement.

Witness car travel: far more deaths than airplane travel but far fewer people have car phobias than plane phobias, and there are seldom calls for people to abandon their cars (okay, maybe to carpool but you get my meaning).

Just as the author of this article finished examining security concerns and joked it was time for his social media fix, all society is caught up in fears of identity scams, computer intrusion and taking down their friends with them when they make a mistake.

And it happens.

And then folks become literate in the new skillset. You learn the rules of the road (or this new social lane of the information highway) and even as you feel sorry for the guy you stopped at the side of the road, steam coming out from the hood of his PC, you keep moving!

Although you turn to sites like this one every now and then, to make sure your social-net smarts are tuned.

Great article, thanks for helping make us fellow social networkers aware of the ‘rules of the road’ before we’re the ones stuck on the shoulder!

8 | Jason Ramboz

13 October 2009 ● 9:08 am

You also have to be careful about what information you post in your profile/tweets/etc. Anything you put on the internet is public, no matter how “private” you think you’ve set it.

This can be especially dangerous because of the rise of “personal information” verification questions. Sure, most people probably know to be careful with their mother’s maiden name and place of birth (though both are things I know I’ve mentioned in casual offline conversation). But think about the kinds of other things that are asked: favorite sports team, favorite book, street you grew up on, childhood pet’s name… I’ve seen all these and more posted on people’s Facebook and MySpace profiles.

Knowledge itself is power, as they say, so just be careful with how much of it you broadcast out into the ether.

9 | Ben Wassink

13 October 2009 ● 9:22 am

You know everyone here for the most part is right. But no matter how safe you are with your social media presence there is still the problem that there are other people who have all of that information and more. Like when those companies lose laptops with thousands of credit card numbers.

Do what you can to protect yourself, don’t be stupid with your credentials and pay attention to your links. As long as you pay attention to what you’re doing you’ll be fine nine times out of ten.

10 | teejayhanton

13 October 2009 ● 10:18 am

It’s amazing how good the phishers are at recreating the “official” sites now too. I get emails all the time from banks (at which I don’t even bank) with a link saying I need to log in and update my profile information.

My general rule for links is “don’t click them.” I try to use Twitter clients/sites that expand out shortened links so I can see the original.

Our company’s Security group recently sent around some social site guidelines too, which were the standard “be aware of what you click on” type warnings.

I’m not sure that there’s an easy answer, just education and caution. At least for now ..

11 | Gary Snook

13 October 2009 ● 11:02 am

A while back my 10 year old son asked me, “Dad, why do people create computer viruses?” Although I did my best to explain the myriad of reasons that someone would create a virus for, the only one that made sense to him was to “get more information about me”.

It is too bad that this is the case, but being so, we must remember not only to try to be vigilant ourselves, but also to teach our children about it.

Alternatively, maybe they should teach us.

12 | Kevin Crosby

13 October 2009 ● 12:01 pm

To echo an earlier comment, all that is required is common sense. The problem is that common sense is not so common, especially in such new spaces. I’m reminded of the book, “Everything I Ever Needed to Know, I Learned in Kindergarten” and really wish people would remember to go back to that once in a while. The old rules of “just play nice” really do still work.

What I think people keep forgetting is that the human element is the most dynamic and exciting part of social media. People cheer, people complain, people share, and people communicate. We’ve done the same things since camp fires and cave paintings came into being. Seriously, what is the difference between a cave painting and a Facebook wall?

I’ve heard many stories like the earlier one asking an employer for a recommendation; they both sadden and anger me. I am sad because the people hurt (and they are hurt) are just doing what people have always done, just in a new medium, and they are being penalized because they dare to be human. I am angered because the people applying the hurt appear to have forgotten those simple, basic lessons from Kindergarten.

Maybe they need to go back for a refresher?

13 | Matt Hines

13 October 2009 ● 1:46 pm

I’m glad that the story struck a chord for so many of you. The thing it seems that we have to remember is that you really can’t trust any third party content being sent over these sites unless you’re absolutely sure that it is what you think it is (cue Dennis Green in the NFL commercial…)…

If someone sends you a link and you really want to see it, contact them directly before opening… (did you just send me this?)… or if it’s a shortened URL, ping them back and ask for the whole thing.

As some have observed, it’s impossible to use these amazing powerful new tools without incurring some level of increased exposure.. the key is to maintain a critical eye toward anything that could ever comprise an attack.. really just as it’s been for a long time with e-mail/attachments.

Thanks for all the feedback, keep it coming! :)

14 | Mobile Web Driving New Privacy Issues « ID Guardian

26 October 2009 ● 8:26 am

[...] whether or not to embrace these tools and other social networking systems will always come down to a personal choice regarding your level of privacy [...]

15 | Identity Safety for Your Teens « ID Guardian

7 December 2009 ● 8:26 am

[...] new threats in identity security; and considering the popularity of technology (illustrated here by Matt Hines’ column on Social Networks and their influence over online privacy), it is becoming easier to reveal and [...]
