Social networks such as Facebook, Twitter, and MySpace are wonderful ways to connect with friends and family. Unfortunately, they also provide excellent resources for online crooks to gain sensitive information via social engineering, a term synonymous with con games in the world of computer security. By learning what social engineering is, you can protect yourself from would-be (virtual) attackers and keep your data safe.
What is “social engineering”?
Social engineering is a non-technical intrusion using human interaction (thus, the “social” in “social engineering”) to gain information which directly, or indirectly, leads to a scam of some kind. The information compromised can be of any variety: passwords, access to computers and/or networks, account information, or anything else that can lead to additional data, money, identity theft, hacked accounts, or other problems for the victims. It’s considered a safer and easier way to run a con since the scammer rarely has to be physically present in front of the victim, so the Internet provides an excellent medium for these kinds of scams.
How does social engineering affect my social networking accounts?
Attempts to phish for information are notorious online, and you should learn how to protect yourself from phishers. Instant and direct messages, emails, chat… all forms of online communication have the potential to be tapped, spoofed, or intercepted. Whether it’s email, a social networking site, or something else, all it takes is one unsecured account and a bit of luck to gain access to hundreds, if not thousands, of other users. With access to one unsecured account, the scammer now has the trust of all the friends and followers of the real account owner. The floodgates are now open for additional phishing attempts, data loss, and other forms of digital mischief.
Social engineering is very simple and very effective. The weakest link in any computer security scenario will always be a human, and social networks are chock full of them. With enough patience it’s only a matter of time before a scammer finds a victim.
How can I protect myself from being a victim?
The easiest way to guard against social engineering is to be skeptical of offers presented in emails, online, and over the phone. Social engineering attempts prey on every aspect of human behavior (greed, compassion, fear, love, etc.) and can even exploit outside events such as natural disasters and current news topics in order to extract information from the victim. Here are a few specific things you can do:
- Ensure the legitimacy of anyone claiming to be a representative of a company, government office, or organization.
- Never reveal personal information unless you are certain of their need for the information and that the information will be held in the strictest confidence.
- Keep your passwords and other account access data secure. No company or its representatives should ever ask for your password, no matter how convincing the story they give you.
- When entering sensitive information online, make sure you’re really on the web site you think you are on. Read our “How to Spot a Fake Website” post to learn more.
- Never send sensitive and/or personal information via email or instant message to anyone, even friends and relatives. Spoofing emails and IM information is too easy.
If you come across a social engineering attempt, make sure to contact the service you used when the attempt occurred. Most social networking sites, companies, and organizations have a computer security team that handles these issues and you can help stop the spread of these attacks. Listed below are some resources for a few online services regarding safety, abuse, reporting, and/or support. To find out how to report on other sites, check their Help or Support links.