Security Tips & Alerts
Technology Topic of the Month
Staying Safe on Social Networking Sites
What are social networking sites?
Social networking sites, sometimes referred to as "friend-of-a-friend" sites, build upon the concept of traditional social networks where you are connected with new people through people you already know. The purpose of some networking sites may be purely social, allowing users to establish friendships or romantic relationships, while others may focus on establishing business connections.
Although the features of social networking sites differ, they all allow you to provide information about yourself and offer some type of communication mechanism (forums, chat rooms, email, instant messenger) that enables you to connect with other users. On some sites, you can browse for people based on certain criteria, while other sites require that you be "introduced" to new people through a connection you share. Many of the sites have communities or subgroups that may be based on a particular interest.
What security implications do these sites present?
Social networking sites rely on connections and communication, so they encourage you to provide a certain amount of personal information. When deciding how much information to reveal, people may not exercise the same amount of caution as they would when meeting someone in person because:
- the internet provides a sense of anonymity
- the lack of physical interaction provides a false sense of security
- they tailor the information for their friends to read, forgetting that others may see it
- they want to offer insights to impress potential friends or associates
While the majority of people using these sites do not pose a threat, malicious people may be drawn to them because of the accessibility and amount of personal information that is available. The more information malicious people have about you, the easier it is for them to take advantage of you. Predators may form relationships online and then convince unsuspecting individuals to meet them in person. That could lead to a dangerous situation. The personal information can also be used to conduct a social engineering attack. Using information that you provide about your location, hobbies, interests, and friends, a malicious person could impersonate a friend or convince you that they have the authority to access other personal or financial data.
Additionally, because of the popularity of these sites, attackers may use them to distribute malicious code. Sites that offer applications developed by third parties are particularly susceptible. Attackers may be able to create customized applications that appear to be innocent while infecting your computer or sharing your information without your knowledge.
How can you protect yourself?
- Limit the amount of personal information you post- Do not post information that would make you vulnerable, such as your address or information about your schedule or routine. If your connections post information about you, make sure the combined information is not more than you would be comfortable with strangers knowing. Also be considerate when posting information, including photos, about your connections.
- Remember that the internet is a public resource- Only post information you are comfortable with everyone seeing. This includes information and photos in your profile and in blogs and other forums. Also, once you post information online, you can't retract it. Even if you remove the information from a site, saved or cached versions may still exist on other people's machines.
- Be wary of strangers- The internet makes it easy for people to misrepresent their identities and motives. Consider limiting the people who are allowed to contact you on these sites. If you interact with people you do not know, be cautious about the amount of information you reveal or agreeing to meet them in person.
- Be skeptical- Don't believe everything you read online. People may post false or misleading information about various topics, including their own identities. This is not necessarily done with malicious intent; it could be unintentional, an exaggeration, or a joke. Take appropriate precautions, though, and try to verify the authenticity of any information before taking any action.
- Evaluate your settings- Take advantage of a site's privacy settings. The default settings for some sites may allow anyone to see your profile, but you can customize your settings to restrict access to only certain people. There is still a risk that private information could be exposed despite these restrictions, so don't post anything you don't want the public to see. Sites may change their options periodically, so review your security and privacy settings regularly to make sure that your choices are still appropriate.
- Be wary of third-party applications- Third-party applications may provide entertainment or functionality, but use caution when deciding which applications to enable. Avoid applications that seem suspicious, and modify your settings to limit the amount of information the applications can access.
- Use strong passwords- Protect your account with passwords that cannot be easily guessed. If your password is compromised, someone else may be able to access your account and pretend to be you.
- Check privacy policies- Some sites may share information such as email addresses or user preferences with other companies. This may lead to an increase in spam. Also, try to locate the policy for handling referrals to make sure that you do not unintentionally sign your friends up for spam. Some sites will continue to send email messages to anyone you refer until they join.
- Keep software, particularly your web browser, up to date- Install software updates so that attackers cannot take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.
- Use and maintain anti-virus software- Anti-virus software helps protect your computer against known viruses, so you may be able to detect and remove the virus before it can do any damage. Because attackers are continuously writing new viruses, it is important to keep your definitions up to date.
Using Caution with Email Attachments
Some of the characteristics that make email attachments convenient and popular are also the ones that make them a common tool for attackers.
- Email is easily circulated- Forwarding email is so simple that viruses can quickly infect many machines. Most viruses don't even require users to forward the email- they scan a user's computer for email addresses and automatically send the infected message to all of the addresses they find. Attackers take advantage of the reality that most users will automatically trust and open any message that comes from someone they know.
- Email programs try to address all users' needs- Almost any type of file can be attached to an email message, so email programs have the option to automatically download email attachments, which immediately exposes your computer to any viruses within the attachment.
- Email programs offer many "user-friendly" features- Some email programs have the option to automatically download email attachments, which immediately exposes your computer to any viruses within the attachments.
What steps can you take to protect yourself and others in your address book?
- Be wary of unsolicited attachments, even from people you know- Just because an email message looks like it came from your mom, grandma, or boss doesn't mean that it did. Many viruses can "spoof" the return address, making it look like the message came from someone else. If you can, check with the person who supposedly sent the message to make sure it's legitimate before opening any attachments. This includes email messages that appear to be from your ISP or software vendor and claim to include patches or anti-virus software. ISPs and software vendors do not send patches or software in email.
- Keep software up to date- Install software patches so that attackers can't take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.
- Trust your instincts- If an email or email attachment seems suspicious, don't open it, even if your anti-virus software indicates that the message is clean. Attackers are constantly releasing new viruses, and the anti-virus software might not have the signature. At the very least, contact the person who supposedly sent the message to make sure it's legitimate before you open the attachment. However, especially in the case of forwards, even messages sent by a legitimate sender might contain a virus. If something about the email or the attachment makes you uncomfortable, there may be a good reason. Don't let your curiosity put your computer at risk.
- Save and scan any attachments before opening them- If you have to open an attachment before you can verify the source, take the following steps:
  - Be sure the signatures in your anti-virus software are up to date.
  - Save the file to your computer or a disk.
  - Manually scan the file using your anti-virus software.
  - If the file is clean and doesn't seem suspicious, go ahead and open it.
- Turn off the option to automatically download attachments- To simplify the process of reading email, many email programs offer the feature to automatically download attachments. Check your settings to see if your software offers the option, and make sure to disable it.
- Consider creating separate accounts on your computer- Most operating systems give you the option of creating multiple user accounts with different privileges. Consider reading your email on an account with restricted privileges. Some viruses need "administrator" privileges to infect a computer.
- Apply additional security practices- You may be able to filter certain types of attachments through your email software or firewall.