Millions of people use social media platforms every day to post information about their lives online and in doing so are often providing sensitive personal data which can leave them exposed to data breaches and in turn lead to fraud and identify theft – we are becoming a nation of social media nudists!
Known as social engineering, this is a tactic used by cyber criminals to gather as much information about the victim as possible. All forms of social media are used for this method. Details including full name, address, names of parents, pets or partners, hobbies and career information are collected by the attacker from photos, social media posts and personal biographies. From there, the attacker can carry out numerous cyber-attacks such as password cracking, phishing emails and identity fraud.
Password Cracking
A young woman who is very active on social media and has lots of followers receives an email which includes her full name and address as well as an old email address and password.
The email says that the sender has access to her PC and all her information. It states that she needs to get in contact with the attacker and pay them to delete her information.
The password that was included in the email was her younger sister’s name and date of birth.
The woman contacts her IT support and informs them that she didn’t think this was her previous password. She is advised to ignore the email and inform the police if there are any more demands made.
In this case, the lucky woman was advised not to contact the attacker, however a less technical user may just assume that the email is genuine and pay them.
Identify Fraud
Users of dating websites have reported that they are finding dating profiles which are using their profile pictures and information. Attackers access social media to steal photos and personal details so they can pose as the victim. An attacker may use the details to try and trick people you know into sending them personal or sensitive information.
This also happens on social media with people reporting that they are receiving friend requests from people who are already their friends.
Those who accept the request often find that their social media has been hijacked and their profile may be sending out malicious links.
Phishing Emails
If your social media privacy settings are not configured correctly people who you are not friends with or connected to on social media can see your email address. Alongside this, if you have lots of personal information available then you are leaving yourself open to password cracking attempts. Programs like CUPP or John the Ripper allow an attacker to enter your personal information and output a comprehensive list of thousands of potential passwords. Attackers can then use this to perform a barrage of attacks to gain access to your social media accounts.
Preventive Measures
To avoid becoming prey to social engineering attacks from cyber criminals, take note of these quick tips:
- Try to keep personal information to a minimum. This means keeping information such as the names of your parents (especially maiden names, as this is a common security question), daily schedule, home address, email address, phone number and pet names off your social media.
- Have your social media privacy settings on the highest security settings.
- If someone you thought you were already friends with adds you on social media, contact them via text or phone to confirm that this is them.
- Do not accept friend requests from people that you do not know.
- Think before you post – if your post contains details which could compromise your social media security then do not, under any circumstances, post.
To find out more about the wide range of ICT courses on offer at Belfast Met, call 028 9026 5265 or visit www.belfastmet.ac.uk.
