|
Staying Safe on Social Network Sites
The popularity of social networking sites continues to increase,
especially among teenagers and young adults. The nature of these sites
introduces security risks, so you should take certain precautions.
|
What are social networking sites?
Social networking sites, sometimes referred to as
"friend-of-a-friend" sites, build upon the concept of traditional
social networks where you are connected to new people through people
you already know. The purpose of some networking sites may be purely
social, allowing users to establish friendships or romantic
relationships, while others may focus on establishing business
connections.
Although the features of social networking sites differ, they all
allow you to provide information about yourself and offer some type of
communication mechanism (forums, chat rooms, email, instant messenger)
that enables you to connect with other users. On some sites, you can
browse for people based on certain criteria, while other sites require
that you be "introduced" to new people through a connection you
share. Many of the sites have communities or subgroups that may be
based on a particular interest.
What security implications do these sites present?
Social networking sites rely on connections and communication, so they
encourage you to provide a certain amount of personal
information. When deciding how much information to reveal, people may
not exercise the same amount of caution as they would when meeting
someone in person because
- the internet provides a sense of anonymity
- the lack of physical interaction provides a false sense of
security
- they tailor the information for their friends to read, forgetting
that others may see it
- they want to offer insights to impress potential friends or
associates
While the majority of people using these sites do not pose a
threat, malicious people may be drawn to them because of the
accessibility and amount of personal information that's available. The
more information malicious people have about you, the easier it is for
them to take advantage of you. Predators may form relationships online
and then convince unsuspecting individuals to meet them in
person. That could lead to a dangerous situation. The personal
information can also be used to conduct a social engineering attack
(see Avoiding
Social Engineering and Phishing Attacks for more
information). Using information that you provide about your location,
hobbies, interests, and friends, a malicious person could impersonate
a trusted friend or convince you that they have the authority to
access other personal or financial data.
Additionally, because of the popularity of these sites, attackers
may use them to distribute malicious code. Sites that offer
applications developed by third parties are particularly
susceptible. Attackers may be able to create customized applications
that appear to be innocent while infecting your computer without your
knowledge.
How can you protect yourself?
- Limit the amount of personal information you post - Do not
post information that would make you vulnerable, such as your address
or information about your schedule or routine. If your connections post
information about you, make sure the combined information is not more
than you would be comfortable with strangers knowing. Also be
considerate when posting information, including photos, about your
connections.
- Remember that the internet is a public resource - Only
post information you are comfortable with anyone seeing. This includes
information and photos in your profile and in blogs and other
forums. Also, once you post information online, you can't retract
it. Even if you remove the information from a site, saved or cached
versions may still exist on other people's machines (see Guidelines for
Publishing Information Online for more information).
- Be wary of strangers - The internet makes it easy for
people to misrepresent their identities and motives (see Using Instant
Messaging and Chat Rooms Safely for more information). Consider
limiting the people who are allowed to contact you on these sites. If
you interact with people you do not know, be cautious about the amount
of information you reveal or agreeing to meet them in person.
- Be skeptical - Don't believe everything you read
online. People may post false or misleading information about various
topics, including their own identities. This is not necessarily done
with malicious intent; it could be unintentional, an exaggeration, or
a joke. Take appropriate precautions, though, and try to verify the
authenticity of any information before taking any action.
- Evaluate your settings - Take advantage of a site's
privacy settings. The default settings for some sites may allow anyone
to see your profile. You can customize your settings to restrict
access to only certain people. However, there is a risk that even this
private information could be exposed, so don't post anything that you
wouldn't want the public to see. Also, be cautious when deciding which
applications to enable, and check your settings to see what
information the applications will be able to access.
- Use strong passwords - Protect your account with
passwords that cannot easily be guessed (see Choosing and
Protecting Passwords for more information). If your password is
compromised, someone else may be able to access your account and
pretend to be you.
- Check privacy policies - Some sites may share
information such as email addresses or user preferences with other
companies. This may lead to an increase in spam (see Reducing Spam
for more information). Also, try to locate the policy for handling
referrals to make sure that you do not unintentionally sign your
friends up for spam. Some sites will continue to send email messages
to anyone you refer until they join.
- Use and maintain anti-virus software - Anti-virus
software recognizes most known viruses and protects your computer
against them, so you may be able to detect and remove the virus before
it can do any damage (see Understanding
Anti-Virus Software for more information). Because attackers are
continually writing new viruses, it is important to keep your
definitions up to date.
Children are especially susceptible to the threats that social
networking sites present. Although many of these sites have age
restrictions, children may misrepresent their ages so that they can
join. By teaching children about internet safety, being aware of their
online habits, and guiding them to appropriate sites, parents can make
sure that the children become safe and responsible users (see Keeping Children
Safe Online for more information).
Author: Mindi McDowell
Produced 2006, 2009 by US-CERT, a government organization. Terms of use
|
|
|
Last
updated
April 22, 2009
|
|