It seems everyone’s on Facebook or Twitter these days: your friends, colleagues, children and parents. But what you need to remember is so are cyber criminals. Here's how to stay safe on social networking sites.
Whether it’s telling our friends where we’ve travelled to, what we’ve just bought or what brands we’ve “liked”, we now share a whole host of personal information across a number of social networking sites. With so much personal data on show, it’s not surprising that cyber criminals love social media. To you it may seem like harmless information, but when aggregated, this information becomes a lucrative goldmine for today’s cyber criminal.
So what tactics are cyber criminals using to extract our information and what can you do to protect yourself online?
See also: Beginner's guide to Twitter
Stay safe on social networks: Block phishing links
A common tactic for the socially-minded cyber criminal is to send direct messages through social media. The page they’re tweeting about, or posting to your wall, is likely to be a phishing website that looks very much like Twitter or Facebook, and you’ll be asked to verify your account details. Cyber criminals will then know how to log into your account and steal as much personal identity information about you as possible.
How do you stop this? One simple tactic might be not to friend or follow people you don’t know and to block and report any messages you think are suspicious. However, connecting with new people is half the fun of social media.
A better solution is to use internet security software that includes social networking controls. This should have anti-phishing technology that will check website URLs for the characteristics of fraudulent activity – alerting you before it’s too late.
How to stay safe on social networks: Stop keyloggers
Another threat to be aware of is Keylogging. Keylogging software is a kind of Trojan that records all your keystrokes and sends them back to the cyber criminal’s database. You may have unknowingly installed it at some point - it might have been hidden within another program you downloaded - but it could be silently running in the background.
When you log onto a social media site, the keylogging software records every stroke you make on your keyboard. Your username, your password - everything. Once the fraudster knows which sites you have visited and which keys you have pressed, he can quickly log in with your username and password. What’s more, he may be able to find out your place of birth, mother’s maiden name and any other private information that has been asked of you.
So how do you know if there is keylogging software on your machine? Your internet security software should be able to detect the malicious software – and then quarantine it before it can do any harm. Malware can install at a deeper level and you’ll need to perform a rootkit scan to identify it.
How to stay safe on social networks: Use a virtual keyboard
While internet security can help detect keylogging software on your PC, sometimes cyber criminals manage to insert a piece of Java code onto a legitimate website and use that as a keylogger. So if you type your details into that site, the keylogging Java will capture your data.
Many internet security solutions now come with a ‘Virtual Keyboard’ so you don’t have to physically type in your details – you can just click on the right characters on the image of the keyboard on the screen. This ensures usernames, passwords, bank card details and other confidential data can be safely entered into social networking sites.
There is also another piece of technology known as ‘Secure Keyboard’ which activates automatically when you open the login page of a secure site like a bank or a social network.
How to stay safe on social networks: Strengthen your password
You can use technology to stop someone stealing your password, but this is pointless if your password is easy to guess. The average Internet user has an average of five password-protected accounts and you may even use the same weak password for all of them. Also if you use personal details that can be found on your Facebook or Twitter profile for the password, such as your cat’s name, you’re making it very easy for the hacker to guess the right one.
With the number of different accounts requiring secure login, it is hard to create and remember unique passwords for each one – and then to change them every month. However, this task can be made much easier by the password managers included in many internet security solutions, such as that in Kaspersky Pure Total Security 3.0.
A password manager generates a secure, unique password for each website you access and then safely stores it on your computer, and possibly in the cloud also. You log into the password manager, the password manager enters the right password for the site you are trying to enter. You get the best of both worlds: a unique password that you don’t have to keep in your head, and one that can be safely accessed from any PC with an Internet connection.
How to stay safe on social networks: Have fun, don’t worry
As social media continues to grow, the threat from cyber crime is only going to increase. We all know that the world can be a dangerous place, but we don’t stay at home for fear of these things – we take sensible precautions to mitigate the risk. The same should apply online. By thinking twice about what information you are sharing online and the use of the right technology such as password management tools and anti-phishing features, there’s no reason why you can’t socialise online without compromising your identity.
You might be interested in: 'Tweet' hits the Ofxord English Dictionary
About the author:
David Emm is Senior Security Researcher at Kaspersky Lab, a provider of security and threat management solutions. He has been with Kaspersky Lab since 2004 and worked in the antivirus industry since 1990 in a variety of roles, including that of Senior Technology Consultant with Dr. Solomon’s and Systems Engineer and Product Manager at Network Associates.
David has a strong interest in malware, ID theft and the security industry in general and developed the company’s Malware Defence Workshop. He is a knowledgeable advisor on all aspects of online security, and a regular presenter at exhibitions and events, frequently providing comment to both broadcast and print media on the latest security threats and how users can stay safe online.
Why cyber criminals love social media