Social Networking Risks and Challenges

Social networking has become the most popular activity in today’s Internet world, with billions of people across the world using this medium to meet old friends, make new friends, and collect and share information. While popular, social networking has several disadvantages associated with it. These sites can be exploited by scammers or hackers, leading to loss of confidentiality and identity theft for their users.

Social networking sites are becoming very popular, especially among children. These sites expose children to various risks such as online bullying, disclosure of personal information, cyber-stalking, access to inappropriate content, online grooming, child abuse, etc. In addition, there are many more risks such as fake profiles with false information, malicious applications, spam, and fake links that lead to phishing attacks.

Spam
Spam is usually unwanted e-mail advertising a product, sent to a list or group of e-mail addresses. Similarly, spammers send unwanted mails or messages to the billions of users of social networking sites. These sites are free to use, so spammers can easily access them to gather the personal information of unsuspecting users.

Scams
Online scammers generally send the user an e-mail or message with a link that asks for profile information and tells the user that it will add new followers. The links sent to the user resemble applications, games, etc. When the user enters his details at the link, the details are received by the scammers and the information is misused.

Phishing
A phishing attack is the creation of a fake site that looks just like the original site. Social networking phishing now comes in different flavours, just like phishing attacks on banks and popular trading websites. It arrives as fake mails and messages offering specialized themes, profile updates, updates to security applications or features, etc. To see the updates, the user has to follow a link and log in, and through this the credentials are taken by the attacker. The linked page is a fake copy of the original login page, built to steal user account credentials.

Clickjacking
Generally, clickjacking is a malicious technique of tricking Web users into revealing confidential information, or of taking control of their computer, while they click on seemingly innocuous Web pages. A vulnerability across a variety of browsers and platforms, a clickjacking attack takes the form of embedded code or a script that can run without the user's knowledge. The same technique is used in the social networking domain. The objective of such an attack is to trick users into clicking on links, icons, buttons, etc., which can trigger processes that run in the background without the knowledge of the user.

Malicious applications
Malicious applications may arrive through other applications while using or installing software. Similarly, clicking on a social networking application starts the application installation process or opens a link to view a video, etc. To carry out its intended operation, the application requests elevated privileges from the user, such as "access my basic information", "update my wall", "post on my wall", etc., as shown in the following figure.


[Figure: fb.jpg]

Sometimes e-mails are received from a fake e-mail address, accompanied by an attachment named "Facebook_Password_4cf91.zip" that includes the file "Facebook_Password_4cf91.exe" and that, the e-mail claims, contains the user's new Facebook password. When a user downloads the file, it can cause a mess on their computer, which can become infected with malicious software.
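A mail filter can catch this kind of attachment by listing the archive's contents before delivery. The following is an added example, not part of the original article; the extension shortlist, the function names and the sample file names are assumptions made for illustration.

```python
import io
import zipfile

# Extensions that Windows runs when double-clicked (constructed shortlist, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def executable_members(zip_bytes):
    """Return the archive members whose final extension is executable."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Drop folders, then trailing dots/spaces, which Windows ignores.
            name = info.filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(" .")
            dot = name.rfind(".")
            # Only the last extension counts, so "photo.jpg.scr" is a program.
            if dot != -1 and name[dot:].lower() in EXECUTABLE_EXTS:
                flagged.append(info.filename)
    return flagged

def should_quarantine(zip_bytes):
    """Quarantine unreadable archives and archives carrying executables."""
    try:
        return bool(executable_members(zip_bytes))
    except zipfile.BadZipFile:
        return True  # cannot inspect it, so do not deliver it

def build_sample_zip(names):
    """Constructed sample: an in-memory zip with harmless placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, b"placeholder bytes, not a real program")
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample_zip(["New_Password.exe", "docs/photo.jpg.scr", "readme.txt"])
    print(executable_members(sample))
    print(should_quarantine(sample))
```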


Tips to avoid risks by social networking

  • Limit the information you put in the social networking sites.
  • Don’t put personal information like your family details, addresses, personal photographs, video, etc. If you do put up your personal photographs, change the settings to make them visible only to friends.
  • Most of the sites and services provide privacy settings to prevent attackers from viewing your information. You can use these options to choose whom you allow to see your information.
  • Be careful if you want to meet social networking friends in person; sometimes the identity posted on the social networking site may not be their true identity.
  • Always think before you meet such strangers. If you decide to meet them, do it in a public place during the day. Kids should never be allowed to meet such strangers alone.
  • Don’t ever click a suspicious link while logged into social networking accounts.
  • Always clean the browser’s cookies and cache.
  • Install a good, up-to-date anti-virus to keep your system free from malicious applications like viruses, worms and Trojans.
  • Don’t ever run any JavaScript while logged into your social networking accounts.
  • Don’t ever share your password with anyone, and keep changing your password regularly. Always use a proper password (min 8 characters with a mix of alphanumeric & special characters).
  • Don’t ever log in to any site other than the legitimate sites, and always check the URL for misspelled links before you proceed further.
  • Use a virtual keyboard wherever possible to enter your password for better security, as these cannot be captured by key-loggers.
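The URL check in the tips above can be automated. The following is an added example, not part of the original article: it compares a link's host against an allow-list and flags misspelled or disguised hosts. The allow-list, the distance threshold of 2 and the sample URLs are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the sites this user really logs in to (constructed allow-list).
LEGITIMATE = ("facebook.com", "linkedin.com", "twitter.com")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_login_url(url):
    """Classify the host of a login link against the allow-list."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    # "https://facebook.com@host/" sends the browser to host, not facebook.com.
    if parts.username is not None:
        return "suspicious: text before '@' is not the site"
    for good in LEGITIMATE:
        if host == good or host.endswith("." + good):
            return "legitimate"
    registered = ".".join(host.split(".")[-2:])
    for good in LEGITIMATE:
        # A real name used as a prefix: facebook.com.account-verify.example
        if good in host:
            return "suspicious: " + good + " embedded in another domain"
        # One or two changed characters: faceb00k.com
        if edit_distance(registered, good) <= 2:
            return "suspicious: misspelling of " + good
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links; .example and 198.51.100.0/24 are reserved for documentation.
    for link in ("https://www.facebook.com/login",
                 "https://www.faceb00k.com/login",
                 "https://facebook.com.account-verify.example/login",
                 "https://facebook.com@198.51.100.7/login"):
        print(link, "->", classify_login_url(link))
```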

