Social networking has become the most popular activity in today’s Internet world,
with billions of people across the world using this medium to meet old friends,
make new friends, and collect and share information. While social networking is
a popular medium, it has several disadvantages associated with it. These sites
can be exploited by scammers or hackers, leading to loss of confidentiality and
identity theft of the users.
As the popularity of social networking sites continues to grow, so do the security risks
associated with them. Sites like Facebook, Twitter and LinkedIn have become
main targets for hackers.
Social networking sites expose kids to various risks, such as disclosure of personal
information, cyber-stalking, access to inappropriate content, online grooming,
child abuse, etc. In addition, there are many more risks, like fake profiles with
false information, malicious applications, spam, and fake links which lead to
phishing attacks.
social networking accounts is of the utmost importance.
As we all know, spam is usually unwanted e-mail advertising a product,
sent to a list or group of e-mail addresses.
Spammers are sending unwanted mails or messages to the billions of users of
social networking sites, which are free and easily accessible to spammers, to
gather the personal information of unsuspecting users.
Online scammers generally send the user an e-mail or message with a link
which asks for the profile information and tells the user that
it would add new followers.
The links sent to the user would be similar to applications, games, etc. So whenever
the user posts his details in the link, the details will be received by the
scammers and the information would be misused.
As we all know, a phishing attack is the creation of a fake site just similar to
These days even social networking phishing has come in different flavours, just
like phishing attacks on banks and popular trading websites. Social networking
phishing has come up with fake mails and messages offering
specialized themes, profile updates, security application/feature
updates, etc. In order to see the updates, the user needs to follow
a link and log in, through which the credentials are taken by the attacker. The
linked page is a fake copy of the original login page, focused on stealing user
Generally, clickjacking is a malicious technique of tricking
users into revealing confidential information or taking control of their
computer while clicking on seemingly innocuous Web pages.
across a variety of browsers and platforms, clickjacking takes the form of
embedded code or script that can run without the user’s knowledge. The same is
followed in the social networking domain. The objective behind such an attack
is that users can be tricked into clicking on links, icons, buttons, etc.,
which could trigger processes running in the background without the
knowledge of the user.
Malicious applications might come through different applications while using or
installing software. Similarly, clicking on a social networking
application starts the application installation process or link to view the
order to fulfil its intended operation, the application requests some
elevated privileges from the user, such as access to my basic information, update
on my wall, post on my wall, etc., as shown in the following figure.
E-mails are received with a fake e-mail address like firstname.lastname@example.org
by an attachment named “Facebook_Password_4cf91.zip” and includes the file
“Facebook_Password_4cf91exe” that, the e-mail claims, contains the user’s
new Facebook password. When a user downloads the file, it could cause a mess on
their computer, which can be infected with malicious software.
Tips to avoid risks by social networking
- Limit the information you put on social networking sites.
- Don’t put personal information like your family details, addresses, personal
  photographs, video, etc. If you do put up personal photographs, change the
  settings to make them visible only to friends.
- Most of the sites and services provide privacy settings to prevent
  attackers from viewing your information. You can make use of these options to
  choose whom you want to allow to see your information.
- Be careful if you want to meet social networking friends in person; sometimes
  the identity posted on the social networking site may not be their true identity.
  Think before you meet such strangers. If you decide to meet them, do it in
  a public place during the day. Kids should never be allowed to meet such
- Don’t ever click a suspicious link while logged into social networking accounts.
- Always clean the browser’s cookies and cache.
- Install a good and latest version of anti-virus to keep your system free from
  malicious applications like viruses, worms and Trojans.
- Don’t ever run any JavaScript while logged into your social networking accounts.
- Never share your password with anyone, and keep changing your password
  regularly. Always use a proper password (min 8 digits with a mix of
  alphanumeric and special characters).
- Never log in to any site other than the legitimate sites, and always check
  the URL for misspelled links before you proceed further.
- Use a virtual keyboard, wherever possible, to enter your password for better
  security, as these cannot be captured by key-loggers.
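
The tip about checking the URL for misspelled links can be automated. The following is an added example, not part of the original article, that classifies a link's host against an assumed allow-list of legitimate sites; `LEGITIMATE`, `classify_url` and the sample URLs in the comments are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allow-list of legitimate login domains (constructed for this example).
LEGITIMATE = ("facebook.com", "twitter.com", "linkedin.com")

def edit_distance(a, b):
    """Levenshtein distance: minimum single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_url(url):
    """Return 'legitimate', 'lookalike' or 'unknown' for the host a link really targets."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"
    # Genuine only if the host is the listed domain or a subdomain of it.
    if any(host == d or host.endswith("." + d) for d in LEGITIMATE):
        return "legitimate"
    # Naive "registered domain": last two labels (ignores suffixes like co.uk).
    registered = ".".join(host.split(".")[-2:])
    # Text before '@' is userinfo, not the host: https://facebook.com@other.example/
    userinfo = (parts.username or "").lower()
    for d in LEGITIMATE:
        brand = d.split(".")[0]
        # Brand name used somewhere other than the genuine domain.
        if brand in host or brand in userinfo:
            return "lookalike"
        # Misspelling: one or two characters away from the genuine domain.
        if edit_distance(registered, d) <= 2:
            return "lookalike"
    return "unknown"
```

The edit-distance threshold of 2 is a heuristic and will occasionally flag unrelated short domains, so a "lookalike" result is a prompt to inspect the link, not a verdict.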