Social Media - Threats and Vulnerabilities

Social Media: Threats and vulnerabilities

Social Media: Threats and vulnerabilities

Online Social Networks such as Facebook, Twitter, MySpace etc. play a very important role in our society today, which is heavily influenced by information technology. Despite the facts that social media sites tend to be very user friendly and more often than not, completely free, there are some people that still remain reluctant to use such networking sites, primarily due to privacy concerns. Some of these people have made claims suggesting that these sites have made the world more public and far less private. Their concerns may not be as misguided as some people believe, however. The social change, as related to information technology, has been claimed to be a positive change, because it allows people to be connected to others all across the globe, in a more easy fashion. Today, millions of internet users regularly visit thousands of different social websites to stay connected to their friends, share their thoughts, photos, videos and discuss all kinds of topics, including common interests, social topics, even politics. However, as previously stated, social media, despite being quite popular and even successful on many levels, does come with the potential to open the doors, so to speak, creating potential threats and making vulnerabilities more prominent.

Social networks attract thousands upon thousands, if not millions, of users on a daily basis who represent potential victims to attackers. There are numerous different types of potential social engineering attacks that can take place via social networks, and social media. One of the more common types of attacks, is phishing. Phishing is a form of social engineering in which an attacker attempts to fraudulently acquire sensitive information from a victim by impersonating a trustworthy third party. Phishing attacks today typically employ generalized “lures”. For instance, a hacker misrepresenting himself as a large banking corporation or popular online auction site will have a reasonable yield, despite knowing little to nothing about the recipient. The hacker can, with very little work or even experience under his or her belt, easily find out a great deal of information about the third party simply by doing a few searches. In fact, the amount of information out there today, about nearly any one organization is far greater than it has ever been before. Phishing attacks can incorporate greater elements of context to become more effective. In other forms of context aware phishing, an attacker would gain the trust of victims by obtaining information about their bidding history or shopping preferences. Phishing attacks can be perfected by means of publicly available personal information from social networks, along with any information garnered from a simple search

...