Ben WoelkPolicy and Awareness AnalystRochester Institute of Technology585.475.4122fbwis@rit.edu

Ten Ways to Shockproof Your Use of Social Media

Introduction

• Everyone is a target• Identity theft is big business• You can’t rely on others to protect you

2

Identity Theft

• What’s the problem with this picture?

3

General Trends

https://www.cisco.com/en/US/prod/collateral/vpndevc/security_annual_report_2010.pdf

Digital Self Defense

• Protect yourself and everyone else• Use the right tools• Do the right things

5

Avert Labs Malware Research

6Retrieved July 24, 2009 from:http://www.avertlabs.com/research/blog/index.php/2009/07/22/malware-is-their-businessand-business-is-good/

Tip # 1 Passwords

• Weak passwords can be guessed– Automated programs– Personal details

• Use different passwords– How many accounts can be accessed with

just one of your passwords?– Password vaults

• Passphrases

7

8

Tip # 2 Patching/Updating

Patching:• Fixes “vulnerabilities” in software

You need to: • Turn on auto-updating (Windows, Mac OS X)• Check regularly for application updates

(Adobe, Microsoft Office, etc.)• ESPECIALLY ADOBE (malicious PDFs)

Tip #3 Security Software

• Anti-Virus Protection• Firewall• Anti-Spyware Protection

9

10

Tip #4 Recognize Phishing/Scams

• Purpose– “verify/confirm/authorize” account or

personal information

• Source– Appear to come from PayPal, banks, ISPs,

IT departments, other official or authoritative sources

• Tone– Appeals to fear, greed, urgency,

sympathy

Phishing Tips

11

• Does it seem credible?– Misspellings, bad grammar,

formatting errors

• File attachments– Is it expected? If not, ignore it!

• Never respond directly to e-mail requests for private information– Verify with company– Don’t click on links

Phishing on Social Network Sites

http://www.markmonitor.com/download/bji/BrandjackingIndex-Spring2009.pdf12

13

Tip #5 Use Social Networks Safely

Do:• Make friends• Use privacy settings• Be conscious of the

image you project

Don’t:• Post personal information• Post schedules or whereabouts• Post inappropriate photos

Tip #6 Remember Who Else is There

• Who else uses social networking?– Employers– Identity Thieves– Online Predators

• Facebook Stalker(http://www.youtube.com/watch?v=wCh9bmg0zGg)

14

15

What You Post Can Be Used To…

• Make judgments about your character• Impersonate you to financial institutions• Monitor what you do and where you go

– Theft– Harassment– Assault

16

Not YourSpace

Would I be comfortable if this were posted on a billboard?

The Internet is public space!• Search results• Photo “tagging”

Tip #7 Be wary of others

• Choose your friends carefully• "41% of Facebook users agreed to be

friends with this plastic frog, opening themselves up to the risk of identity theft."

• The frog’s name was Freddi Staur– http://podcasts.sophos.com/en/sophos-

podcasts-019.mp3

17

Is this really your friend?

When “friends” ask for money online• Do they speak/write like your friend?• Do they know any details about you or

themselves that do NOT appear on Facebookprofile pages?

• Do they refuse other forms of help, phone call requests, etc.?

Just because it is your friend’s account does not mean that it’s your friend!

18

Tip #8 Search for your name

• Do a vanity search• Set up a Google Alert

19

Tip #9 Guard Your Personal Information!

• Even less sensitive information can be exploited by an attacker!

• Don’t post it in public places• Know to whom you’re giving it• Watch out for Facebook Applications!!

– A 2008 study found that 90.7% of apps had access to private user data (only 9.3% actually used the data)

20

Tip #10 Use Privacy Settings

• Default settings are set to sharing information

• Adjust Facebook privacy settings to help protect your identity

• Think carefully about who you allow to become your friend

• Show "limited friends" a cut-down version of your profile

• Disable options, then open them one by onehttp://www.sophos.com/security/best-practice/facebook.html

The First Line of Defense

Stay alert—you will be the first to know if something goes wrong– Are you receiving odd communications from

someone?– Is your computer sounding strange or slower

than normal?– Has there been some kind of incident or warning

in the news?

Do something about it!– Run a scan– Ask for help