Threats and risks

Published in: Technology, Business

  1. Threats and Risks in Social Media
  2. Basics
       • Social media and social networking are all about communicating and sharing information with people
       • Once information is registered to a page it is no longer private
       • Personal information can be used to conduct attacks against both the user and the user's associates
       • The more one posts, the more vulnerable one becomes
       • The information posted is NOT only used within the social media site
       • Attacks that use the shared information but do NOT come by way of the social networking sites: baiting, click-jacking, cross-site scripting, doxing, elicitation, pharming, phreaking, scams, spoofing and phishing
  3. Baiting
       • A USB drive (or other electronic media) preloaded with malware, worms etc. that attacks when the device is used
       • Prevent by ensuring the origin of the device is safe
  4. Click-jacking
       • Secret hyperlinks placed under legitimate links that, when clicked, cause the user to unknowingly perform actions, e.g. downloading malware or sharing IDs
       • Disable scripting and iframes, maximize the security options
  5. Cross-site scripting
       • Malicious code injected into trusted websites
       • Turn off "HTTP TRACE" support
  6. Doxing
       • Public release of personal identifying information (including pictures)
       • Be careful with what you share
  7. Elicitation
       • Strategic use of conversation to extract information without giving the victim the feeling of being interrogated
       • Be aware of the tactics social engineers use
  8. Pharming
       • Redirecting users from safe sites to extract personal data (e.g. by mimicking bank sites)
       • Type website addresses instead of clicking on links, look out for URLs that use variations in spelling or domain names
  9. Phreaking
       • Gaining unauthorized access to telecommunication systems
       • Do not provide secure phone numbers providing access to a Private Branch Exchange or through the Public Branch Exchange to the public phone network
  10. Scams
       • Fake deals that trick people into providing e.g. money in exchange for the deal
       • Sounds too good to be true? Popular events and news are often used as bait to get people to open infected emails, visit infected websites, or donate money to bogus charities
  11. Spoofing
       • Hiding or faking user identities
       • Know the co-workers, clients etc. of a business, and likewise your family and friends
  12. Phishing
       • Usually emails that appear to originate from a legitimate organization or person and contain links or files with malware etc.
       • Do not open or click on attachments or links unless 100% sure they are safe
  13. Sources
       • http://www.fbi.gov/about-us/investigate/counterintelligence/internet-socialnetworking-risks
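
The pharming slide's advice to look out for URLs that use variations in spelling or domain names can be automated. The sketch below is an added example, not part of the original slides; the allowlist, the domain names and the `classify` helper are constructed for illustration, and internationalized (non-ASCII) domains are out of scope.

```python
from urllib.parse import urlsplit

# Constructed allowlist of sites the user really uses (.example/.test are reserved TLDs).
TRUSTED = {"mybank.example", "billing.example"}

# Digit-for-letter swaps often seen in misspelled domains (illustrative, not exhaustive).
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url, trusted=TRUSTED):
    """Return (verdict, matched_trusted_domain) for the host in `url`."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if not host:
        return ("invalid", None)
    for good in sorted(trusted):
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    for good in sorted(trusted):
        n = good.count(".") + 1
        cand = ".".join(host.split(".")[-n:])  # last n labels, to compare like with like
        name, good_name = cand.rsplit(".", 1)[0], good.rsplit(".", 1)[0]
        if (host.startswith(good + ".")  # trusted name used as a subdomain elsewhere
                or name == good_name  # same name under a different top-level domain
                or cand.translate(CONFUSABLE) == good.translate(CONFUSABLE)
                or edit_distance(cand, good) <= 1):  # one-character misspelling
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    for u in ("https://www.mybank.example/login", "https://mybamk.example/login",
              "http://mybank.test/", "https://mybank.example.account-check.test/",
              "https://bi11ing.example/pay", "https://news.example/"):
        print(u, "->", classify(u))
```

A "lookalike" verdict means the host resembles an allowlisted domain without being it; "unknown" only means no resemblance was found, not that the site is safe.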