Dangers of Social Networking Sites; Businesses, Job Seekers, Children and Adults Beware!

Children – Children under the age of 13 should not be using the internet without some form of parental supervision. Most social network web sites have a minimum age limit so that young children cannot make profiles. However, it is easy to fool these systems. Make sure they are not entering too much private data, such as their home address or what school they go to. Just as it is simple for a young child to fake their age online, it is easy for a potential predator to fake a profile claiming to have the same interests as, and be the same age as, your child.

Phishing / Scams – There are a number of scammers on social networks who may try to steal or use your personal information; Information that can be used for potential crime such as identity theft or fraud. There are also websites that are set up to appear to look like your favorite social networks in order to steal your password. Once someone has your password they can use it to destroy your profile or send out spam messages and viruses, which could do irreparable damage to your online reputation. Always make sure you are at the right site when you enter your credentials. You can do this by double checking the address bar and making sure you are in the right place before you log in. Never will log-in sites ask you to send them your password. If you receive a message or email requesting your send them your password do not reply and forward the message to the network’s support or privacy department.

Privacy – One reason that many people are wary of uploading their photos or videos to a social networking site like Facebook is because they are concerned about retaining the copyright to their work. There is a major gray area as to who would own the materials that we upload. Someone who might be concerned about this might be a professional photographer or a musician who might want to share their work. Uploading photographs or music is a great way to get a lot of potential friends to notice it, but you might want to think about whether the network could end up owning this material. Another controversy with Facebook is that it could be sharing your private information with third party companies. This is why you are shown a privacy statement when you install an application. The providers of these applications are third party companies and websites who could be able to access your private information such as your address or phone number.

Employment – One thing we often forget while having fun on social networks is that almost anybody can see what we are doing. While we are tagging photos of what we did on the weekends or using social networks on company time it can be easy to forget that someone at work may see this and the result could cost you your job.

Businesses – Businesses have found a new place to market and brand themselves in social media sites. Having a medium available to connect with customers in a non formal way creates loyalty and awareness but could leave a company vulnerable to hackers and hecklers feeling the squeeze on your new found success. A social site provides information on what your company is doing and offers a platform to generate spiteful negative comments that could hurt the reputation of your business. These attacks could be controlled with reputation management and social media marketing strategies.

Social networks can be used to make friends, find romance or even to market yourself or your business. The important thing is to remember that these sites can also be misused and we need to take care of our privacy and reputation. Think twice about the way you use social networks.

Be acutely aware of the hazards of Social Networks. Always remember what is possible online. As with most things in life there are opportunities and there are risks; however eliminate needless risk. There is never a need to share private confidential information online. Use social networks to share and promote ideas. Be a giver but don’t give what you wouldn’t want just anyone seeing in public just by looking over your shoulder or seeing into your home or bedroom.

Update: August 11, 2011

These days nearly everyone belongs to a social network, where they spend anywhere from one to several hours per day, posting photos, instant messaging, tweeting, posting their locations on Facebook and any other number of windows into personal daily lives. While social networking has become a staple of social interaction, therein lies a great deal of potential dangers.

Social networking is made so that even those who least tech savvy can enjoy online socializing, talk to friends and share things going on in their lives. Most people doing this do not think about, or perhaps even realize, that everything they reveal to their personal network of friends, family, co-workers and acquaintances, is also very easily revealed to those who could use the same information to steal identities, commit fraud, steal information, and plenty of other life damaging crimes.

One of the worst things about the crimes committed through social networking sites, is that just about anyone is at risk, no matter who they are. Anyone from a CFO of a major credit union to a 14 year old girl, or a new college graduate to a retired senior citizen, is a potential for those that hunt out and prey upon unsuspecting social network users. Children especially, should have some form of supervision over their social network activities. The openness and ease with which contact is made online within a social network makes them even more vulnerable, and even easier to contact by child predators.

The elderly, as well, are often targeted by hackers, social engineering criminals and other con artists. Those who are retired should be on guard – the criminals who target people for personal information, passwords, pass codes and other sensitive information, are extremely skilled at what they do. They can con reasonable people into giving up information, and steal valuable secrets, all without the victim even being aware a crime was committed at all.

Below are some more specific ways in which social networking dangers affect various groups of people, how they are affected, and what to do about it.

Businesses
Businesses are often targeted by social engineers, and people who approach company employees in attempt to procure private company information, for the purpose of fraud, theft, identity or information theft, and other crimes. The reason social engineering is so dangerous is that the victims never even realize or suspect any foul play. Social engineering is done without force, and with unwitting consent, which makes it even more dangerous in some ways. It is very common for social engineers to use social networks to acquire initial information about a person in order to deceive and convince their victims to provide them with protected, classified, or any type of valuable information. Phishing, which is a type of social engineering as well, is the same kind of crime. The type of information available in social networking is more than enough for anyone to pretend as though they have system information about you as an employee over the telephone or even in person, which is how a lot of social engineering is conducted. However, sometimes it doesn’t even need to leave to the social network platform. Here is an example:

• A hacker breaks into the Facebook account of a financial institution employee by the name of Matt. Posing as this co-worker Matt, the hacker then sends an email to another company employee, Sara, while she is at work on the company PC. The message tells her that the attached files are photos from the company Christmas party. Sara opens the message and downloads the attachment to view the photos, but she sees nothing. Meanwhile, she unwittingly downloaded a hacking device used by the hacker to obtain Sara’s log-in information and continued to access the breached server inside the company’s financial network, where there is access to the company’s accounts. The hacker transfers hundreds of thousands of dollars out of the company’s financial accounts. This all began with an employee who was social networking on a company computer system, and another employee whose social network profile was very easily hijacked.

In the above scenario – which is similar to actual events that took place – phishing is used through social networking, and never goes any further than a simple suggestion to download company photos from the profile of someone trusted. This is how social networking can take the simplest connection or or piece of information, and use it for theft or fraud. When social network users see a message from a friend in their network, they subconsciously think, “I know him.” There is no alarm that goes off, or reason to verify identity, even though many are aware of just how vulnerable and easy it is for social network profiles to be hacked and taken over by imposters. The next example demonstrates the way the way that basic information viewed from a social network profile, leads to social engineering of enough information to procure the desired information with a single phone call.

While on his social network site at home, David posts on Twitter that he can wear polo shirts to work for a week while his boss is on vacation, because the temp boss won’t know the suit and tie dress code. A hacker that has been keeping an eye on this company using a variety of outlets and sources, notices this, and sees an opportunity. The next day at work, David receives a phone call.

• Hi David, this is Jake Manson, I am standing in for your boss, Greg for the week.
• Oh, hi. Greg must have thought the wrong guy was filling in, he said your name was Tom Rhoads.
• Ha, yeah, we temporary transfers don’t always work under the most organized conditions. Hey listen, I logged into the system here as a guest user, but I can’t access the files I need. The IT dept. told me to use another employee log-in and pass code for the day until they assign me a temporary one, I guess? They suggested you because you work with some of the same accounts under this department. Anyway, would you mind sharing your account log-in and password with me for the day? Your username is DJensen, right?
• DJensen28.
• Oh, got it. Okay, and the password?
• DJ081475.
• Great, got it. Thanks a bunch, and I’ll call if I have any trouble.

This is a social engineering example that demonstrates how even the most casual piece of information about a company could incite criminal activity, or create an opening for such deception. All the information suggested by the hacker came from David’s social profile, and his username suggestion was simply the first initial of his first name and his last name, like company usernames typically are. By looking at David’s network, he could see Greg was the name of his boss. He knew there would be a new guy filling in for his boss because of David’s Twitter. David was not even suspicious about the hacker’s name being different from what he had been told.
So, now that several examples of the ways social networking can severely compromise a company or business, how can it be prevented? Are there any solutions or processes that can help? The suggestions below address these questions.

• Do not use social networking sites on company computers. This gives hackers a back-door entry right into company accounts, files, and other information.
• Avoid posting information about work details, absences, or other information that could lead to an opening for imposters and social engineering tactics.
• Hackers use the answer to user accounts’ “secret question” to retrieve passwords and hack into accounts. Don’t create secret answers with logical answers or answers readily found through browsing information on social network sites, such as your mother’s maiden name, or the town you were born in. If the secret question is “what city were you born in?” make your answer a city in another country, preferably one you’ve never been to.
• Never, ever give out protected company information to those for whom you cannot verify identity. Even if the person is legit, it is better to be cautious. He or she will probably understand why, and may even appreciate your precautions. Your boss surely will.

Job-Seekers
LinkedIn is an extremely popular professional and business networking site that is used by corporate executives and job-seekers alike. It holds thousands of professional and industry themed forums, job advertisements and opportunities, and even access to job applications. However, it is still a social networking forum. While this particular site is a bit less vulnerable because personal and/or company information is hidden from everyone except those directly within a user’s network – it too carries its own risks.
While LinkedIn has good opportunities, job-seekers should be careful about what they say or reveal, not only on LinkedIn, but on any social network. Many studies have shown that a significant percentage of employers use social media to conduct their own “background” checks. If a job-seeker applies for a serious job, certain information, conversations or even flippant comments could compromise his hiring status.
The Washington Post recently released an article about background checking services that now exclusively run social media background checks for corporations and companies around the country. Casual drug references, various photos or jokes posted as a profiles status – could all be things that could and do prevent job-seekers from being hired. There are documented cases that take this even beyond looking for a job, to being fired from a job for what is on a social media profile. A teacher in a Pennsylvania high school was fired for a photo she posted of herself dressed as a pirate, holding a plastic cup, and labeled “drunken pirate.” She was fired for promoting underage drinking.
Regardless of whether the charges were fair, the fact is, social media is public. It’s something anyone can check, including employers who may have hired the unlucky, unsuspecting applicant who did not consider taking down a similar photo of herself out with friends. It may be a harmless, fun photo to the social media user, but to an employer it could be grounds for being scratched off the list of potential hires, or even grounds for being fired.
So, how do job-seekers and job-holders alike get around this? For the most part, common sense can answer that.

• Be careful about what you do, how you behave, and what you say in a public, social forum – especially when job-hunting. Don’t leave yourself open to professional scrutiny with possibly questionable photos, comments, or other content.
• Go the extra mile and create a dazzling social media presence. Ensure that you appear within a context of social media, the same way you would like to appear to an employer. Participate in industry groups. Post intelligent information, discussions or recent goals that have been accomplished.

Parents, College Students, Young and Old Adults
Moms, dads, grandparents, young professionals and any other adult, young or old, are all affected by social media information that is gleaned and used. When you sign up for a social media account, there is always an agreement that must be checked off before an account is established. This is because third parties use information about you through social media to advertise to you. While much of this advertising is normal, manifested by ads on the side panel of a social media page, there is more invasive tactics that go on.
Phishing was mentioned earlier as a means of obtaining corporate and business information. However, phishing can be used on anyone. Because of the way social media works, it is often very difficult to realize when a scammer is phishing for your information. Why? Because normally, scammers pose as people on your friend’s list or social media network.
What is the purpose of phishing? The basic goal is to obtain private information, usually user passwords, which are then used to break into a user’s personal accounts, use their credit cards, or whatever scammers can get their hands on. Here is a common example of a viral phishing scam on Facebook:

• haha omg! what where you trying to do in this picture, it’s hilarious – http://vv7.net/xy3

The unsuspecting user is lured with a couple of tactics. First, it tells of an amusing photo with the user in it, which is often enough to drawn people in. Secondly, it uses lowercase letters to emulate informal conversation between friends online. Finally, because it is sent from an imposter posing as a friend, there is even less reason to suspect foul play.
The link is used to take a user to a different site where log-in information is required. Even this is not suspicious because plenty of sites require this. When the user logs in with their information, the scammer has what he is after.
So, how is anyone supposed to know when they are being targeted, or lured by a phishing scam?

• Be alert, and know what you have and haven’t posted. If someone posts a link of a photo you are supposedly in, verify it through another means before using the link.
• Stay vigilant about link that takes you to a site that requests log-in information. Check the site – is it familiar? And, if so, does it have the correct URL? Example: www.paypal.net instead of www.paypal.com, which is the real paypal.
• Keep in mind how and what methods your friends use to interact with you in social media. If you are sent anything by a friend which seems strange or out-of-character, double-check before clicking on any links, downloading anything, or even responding.

Children Are the Most Vulnerable!
As said briefly before, the social media of children and even high school students should be supervised and monitored by parents. They are without a doubt, the most vulnerable victims to social media dangers, and can be harmed in almost every way possible when all of the dangers and crimes are considered.

• Social Media Profiles by PredatorsIf it was easy before social media became a widespread social staple, it is now even easier for predators to pose as other children with the same interests, activities, like and dislikes as your child. If a child accepts a predator as an online friend, he can find out just about anything he needs to know, including where the child lives.

• Child Identity TheftThough child predators are by far the most dangerous potential within the realm of social networking, there are plenty of other scammers, thieves and hackers out there that target children for other reasons. Yes, your child is not old enough to own a credit card, but that doesn’t mean someone hasn’t stolen their identity to use for that very purpose. Child identity theft is increasing at alarming rates, so be careful even as a parent, about the information you offer about your child, such as the exact date of their birthdays, their middle name, or even your maiden name, which is often a question asked when filling out credit card information.
• Cyber bullying and Social Media HarassmentPerhaps most saddening, is the peer-to-peer dangers that take place through social media. Because of the non-confrontational feature of social media in the sense that there is no bodily presence, people – and children – are often bolder, and less inhibited to say things that would otherwise be frowned upon. Not only that, but it is easy to create anonymity, which then encourages complete uninhibited behavior online. These are a few of the ways in which cyberbullying can happen so easily. It advances when a group becomes a whole network of adolescents who target and single out a peer. Cruel comments are posted en masse, on the targeted adolescent’s profile page. It almost becomes a sort of frenzied trend within the adolescent network, picking up more and more bullies who make a game out of harassment. This unfortunate social networking danger has even caused suicides in some young adolescents.
  Solutions for these have already been discussed. Monitor your child’s social media activity, and beware the kind of information you give out about your own children. Check their credit reports for any suspicious activity.

Should Social Media Be Avoided?
No, social media does not have to be completely avoided. However, the more aware users are to the potential threats and dangers, the more protection they have against them. Social media is a new method of social interaction in this age of information, and to ignore it would only isolate you from social communication, and the plenty of useful or enjoyable aspects of social networking. The point here is to be on guard, be vigilant, and be aware of the ways in which social media can be dangerous.

Contact us if you require assistance or consulting regarding the dangers of social networking, we can help.