2. Basics
• Social media and social networking are all about communicating and sharing information with people
• Once information has been posted to a page it is no longer private
• Personal information can be used to conduct attacks against both the user and the user's associates
• The more one posts, the more vulnerable one becomes
• The information posted is NOT only used in the social media
• Attacks that use the shared information but do NOT come by way of the social networking sites: baiting, click-jacking, cross-site scripting, doxing, elicitation, pharming, phreaking, scams, spoofing and phishing
3. Baiting
• A USB drive (or other electronic media) preloaded with malware, worms etc. that attacks the system when the device is used
• Prevent by ensuring the origin of the device is safe (a known, trusted source)
4. Click-jacking
• Hidden hyperlinks placed under legitimate-looking links; when clicked, they cause actions to be performed unknowingly, e.g. downloading malware or sharing IDs
• Disable scripting and iframes, maximize the browser's security options
6. Doxing
• Public release of personally identifying information (including pictures)
• Be careful with what you share
7. Elicitation
• Strategic use of conversation to extract information without giving the victim the feeling of being interrogated
• Be aware of the tactics social engineers use
8. Pharming
• Redirecting users from legitimate sites to fake ones in order to extract personal data (e.g. sites mimicking a bank)
• Type website addresses instead of clicking on links; look out for URLs that use variations in spelling or domain names
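As an added example (not part of the original slides), a small Python check for the pharming bullet above: it classifies a link's registrable domain as trusted, a spelling/homoglyph lookalike, or unknown, against a constructed allow-list. The allow-list, the confusable-character map, the edit-distance threshold and the "last two labels" domain rule are all assumptions made for the example.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allow-list of domains the user actually uses (assumption for this example).
TRUSTED_DOMAINS = {"examplebank.com", "example.org"}

# Constructed map of characters commonly substituted for Latin letters
# (digits and a few Cyrillic letters that render almost identically).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s",
               "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c"}
# Two-character sequences that look like one letter in many fonts.
PAIRS = {"rn": "m", "vv": "w", "cl": "d"}


def registrable_domain(url: str) -> str:
    """Return the last two host labels ('www.examplebank.com' -> 'examplebank.com').
    Assumption: no multi-label public suffixes such as co.uk (use the Public Suffix List for that)."""
    host = urlsplit(url if "://" in url else "http://" + url).hostname or ""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def skeleton(domain: str) -> str:
    """Collapse lookalike characters so homoglyph variants map to one canonical string."""
    s = unicodedata.normalize("NFKC", domain).lower()
    s = "".join(CONFUSABLES.get(ch, ch) for ch in s)
    for pair, single in PAIRS.items():
        s = s.replace(pair, single)
    return s


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-keystroke spelling variants."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str) -> str:
    """Classify a link as 'trusted', 'lookalike' or 'unknown' against the allow-list."""
    domain = registrable_domain(url)
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for trusted in TRUSTED_DOMAINS:
        if skeleton(domain) == skeleton(trusted) or edit_distance(domain, trusted) <= 2:
            return "lookalike"
    return "unknown"
```

A "lookalike" verdict is a prompt to type the address by hand, as the slide advises; "unknown" simply means the domain is not on the allow-list and deserves the same care as any unfamiliar site.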
9. Phreaking
• Gaining unauthorized access to telecommunication systems
• Do not give out internal phone numbers that provide access to a Private Branch Exchange (PBX), or through the PBX to the public phone network
10. Scams
• Fake deals that trick people into providing e.g. money in exchange for the deal
• Sounds too good to be true? Popular events and news are often used as bait to get victims to open infected emails, visit infected websites, or donate money to bogus charities
11. Spoofing
• Hiding or faking user identities
• Know who the co-workers, clients etc. of a business are, or, in private life, who one's family and friends are
12. Phishing
• Usually emails that look as if they originated from a legitimate organization/person and contain links or files carrying malware etc.
• Do not open or click on attachments or links unless 100% sure they are safe