Social media sounds so nice and friendly. A virtual space where everyone just wants to chat with current friends and reconnect with old ones.
But just like in real life, not everyone has friendship in mind. Some are attracted not by the warm and fuzzy side of social media, but rather by the potential for stealing cold, hard cash. While social media sites work very hard to keep their users safe, the weakest link in the security chain is often people who trust friends they barely know just a little too much.
The attraction of social media sites for scammers and other criminals is people’s willingness to share information with their online friends and the sheer numbers of people involved. Facebook, for instance, has about 400 million users, MySpace about 120 million, Twitter 75 million and business networking site LinkedIn more than 60 million.
Of course, some people don’t have to worry about trouble caused by others but rather the trouble they get themselves into—for instance, forgetting who your online friends are. That happened to one British woman who complained bitterly last year about her new boss and job to all her Facebook friends, not realizing her boss was among them. That left her an ex-friend and ex-employee.
Besides losing track of who’s who among your social media friends, other threats may not be as apparent. Among them are simple “information leakage” as well as threats such as phishing, click-jacking and malicious software, according to security firm AVG Technologies.
Part and parcel of being online friends is sharing our lives with other people. The problem with social media—and the Internet in general—is that the information we share can go much farther than we ever intended. When we tell a friend something verbally, the spread of that information is likely to be limited. When we say something online, the entire world may wind up as the audience. Information such as where and when we’re going on vacation can leak out into the wider and wilder regions of cyberspace. While we wouldn’t dream of putting a “not at home” sign in our front yard when we’re on vacation, we may not take the same precautions on social media sites.
Another potential concern is applications, such as quizzes and games, that collect information from online profiles. While those applications may seem to be innocuous fun, it’s worth considering where that information is going and how it is going to be used.
Social media also gives rise to attempts at “social engineering” to steal personal information, such as log-ins and passwords. Boiled down, that just means tricking people into divulging information they would rather keep private.
Among the social engineering scams are so-called phishing attempts in which con artists seek to glean personal information by posing as a trusted source, such as a bank seeking to reset your password—and it bears repeating that no reputable company ever sends emails asking for your log-in and password.
Click-jacking is another concern. The technique involves getting users to click on a seemingly innocuous link that masks a link with a nefarious purpose, such as taking you to a site you’d rather not visit or infecting your computer with malware. The “Koobface” worm spread on Facebook by conning users with a video, then telling them they needed to download a software update to view it. The update was actually the worm.
Twitter was recently hit by an unusual click-jacking attack that worked via a “tweet” that said “Don’t click” followed by a link. When users inevitably clicked on it, it sent out the same tweet to others.
Photographs of women in various states of undress are a favorite bait of scammers, as are messages reading something along the lines of “your computer is infected” and “who’s checking your profile?” That last one was used recently to encourage users to create their own version of a rogue application to infect other users and so bypass controls on the spread of such applications.
So what can users do to protect themselves and their computers while also enjoying the fun and friendship offered by social media?
Well, for one thing, be careful. If a link looks odd, or if a message from a friend seems strange, don’t click on it. Check out applications before you run them. As Roger Thompson, chief research officer of AVG, says, “Think before you link.”