Threaths and risks
13
Threaths and Risks in Social Media
-
Upload
hhsome -
Category
Technology
-
view
240 -
download
1
description
Transcript of Threaths and risks
Threaths and Risksin Social Media
Basics• Social media and social networking is all about communicating and
sharing information with people
• Once the information is registered to a page it is no longer private
• The personal information can be used to conduct attacks against both the user and the users associates
• The more one post the more vulnerable one become
• The information posted is NOT only used in the social media
• Attacks that uses the shared information but does NOT come by way of the social networking sites: baiting, click-jacking, cross-site scripting, doxing, elicitaion, pharming, phreaking, scams, spoofing and phishing
Baiting• Through a USB drive (or other electronic media) preloaded with
malware, worms etc. attacking when using the device
• Prevent by ensuring the origin of the device is safe
Click-jacking• Secret hyperlinks under legitimate links which causes when clicked
unknowningly performed actions eg. downloading malware or sharing ID:s
• Disable scripting and iframes, maximize the security options
Cross-site scripting• Malicious codes injected to trusted websites
• Turn off ”HTTP TRACE” support
Doxing• Public release of personal indentifying information (including pictures)
• Be careful with what to share
Elicitation• Strategical use of conversation extracting information without giving
the victim the feeling of interrogation
• Be aware of the tactics the social engineers use
Pharming• Redirecting users from safe sites to extract personal data (eg.
mimicking bank sites)
• Type websites instead of clicking on links, look out for URL:s that use variations in spelling or domain names
Phreaking• Gaining unauthorized access to telecommunication systems
• Do not provide secure phone numbers providing access to a Private Branch Exchange or through the Public Branch Exchange to the public phone network
Scams• Fake deals that trick people into providing eg. money in exchange for
the deal
• Sounds too good to be true? Popular events and news are often used as bait to open infected emails, visit infected websites, or donate money to bogus charities
Spoofing• Hiding or faking user identitys
• Know the co-workers, clients etc. of a business or the family and friends on the other hand
Phishing• Usually emails that looks like originated from a legitimate
organization/person and contains links or files with malware etc.
• Do not open or click on attachments or links if not 100% sure of its safe
Sources• http://www.fbi.gov/about-us/investigate/counterintelligence/internet-
social-networking-risks
