Social media allows users to share information publicly, but it also exposes them to various online threats. Once information is posted, it can be used to conduct attacks against both the user and their contacts. Attack methods mentioned in the document include baiting, clickjacking, cross-site scripting, doxing, elicitation, pharming, phreaking, scams, spoofing, and phishing. These attacks aim to secretly install malware, steal personal information, or trick users into revealing private details. The document advises being cautious about what information is shared online and checking URLs and email senders to avoid falling victim to such threats.
2. Basics
• Social media and social networking is all about communicating and sharing information with people
• Once the information is registered to a page it is no longer private
• The personal information can be used to conduct attacks against both the user and the user's associates
• The more one posts, the more vulnerable one becomes
• The information posted is NOT only used in the social media
• Attacks that use the shared information but do NOT come by way of the social networking sites: baiting, click-jacking, cross-site scripting, doxing, elicitation, pharming, phreaking, scams, spoofing and phishing
3. Baiting
• Through a USB drive (or other electronic media) preloaded with malware, worms etc., attacking when the device is used
• Prevent by ensuring the origin of the device is safe
4. Click-jacking
• Secret hyperlinks under legitimate links which, when clicked, cause unknowingly performed actions, e.g. downloading malware or sharing IDs
• Disable scripting and iframes, maximize the security options
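The slide's advice is aimed at the user (block scripts and iframes), but a site owner can also stop its pages from being framed at all, which is what removes the hidden-link trick. The check below is an added example, not from the original slides: it inspects a response's headers for the two controls browsers honour, the `Content-Security-Policy` `frame-ancestors` directive and the older `X-Frame-Options` header, and reports whether framing is blocked, restricted to listed origins, or unprotected. The header dictionaries are constructed sample responses.

```python
"""Classify whether an HTTP response can be embedded in a frame.

Added example (not from the original slides). Responses are modelled as
plain header dictionaries, e.g. as captured from a test client.
"""
from typing import Mapping


def framing_protection(headers: Mapping[str, str]) -> str:
    """Return 'blocked', 'restricted' or 'unprotected' for one response.

    Header names are compared case-insensitively, as HTTP requires.
    A CSP frame-ancestors directive wins over X-Frame-Options, which is
    how current browsers resolve the two.
    """
    lower = {k.lower(): v for k, v in headers.items()}

    csp = lower.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.strip("'").lower() for s in parts[1:]]
            if sources == ["none"]:
                return "blocked"
            if sources and "*" not in sources:
                return "restricted"   # only the listed origins may frame the page
            return "unprotected"      # wildcard or empty source list

    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "blocked"
    if xfo == "SAMEORIGIN":
        return "restricted"
    # Absent header, or the obsolete ALLOW-FROM form that browsers ignore.
    return "unprotected"


# Constructed sample responses for three hypothetical pages.
SAMPLE_RESPONSES = {
    "bank_login": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "intranet": {"X-Frame-Options": "SAMEORIGIN"},
    "legacy_app": {"Content-Type": "text/html"},
}


def audit(responses: Mapping[str, Mapping[str, str]]) -> dict:
    """Run the check over a set of named responses."""
    return {name: framing_protection(h) for name, h in responses.items()}


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_RESPONSES).items():
        print(f"{name}: {verdict}")
```

Anything reported as `unprotected` is a page that another site can load invisibly on top of its own content, which is exactly the setup click-jacking relies on; the fix is to send `frame-ancestors 'none'` (or a list of the origins that legitimately need to embed it).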
6. Doxing
• Public release of personal identifying information (including pictures)
• Be careful with what to share
7. Elicitation
• Strategic use of conversation to extract information without giving the victim the feeling of interrogation
• Be aware of the tactics the social engineers use
8. Pharming
• Redirecting users from safe sites to extract personal data (e.g. mimicking bank sites)
• Type website addresses instead of clicking on links, look out for URLs that use variations in spelling or domain names
9. Phreaking
• Gaining unauthorized access to telecommunication systems
• Do not provide secure phone numbers that give access to a Private Branch Exchange or, through the Public Branch Exchange, to the public phone network
10. Scams
• Fake deals that trick people into providing e.g. money in exchange for the deal
• Sounds too good to be true? Popular events and news are often used as bait to open infected emails, visit infected websites, or donate money to bogus charities
11. Spoofing
• Hiding or faking user identities
• Know the co-workers, clients etc. of a business on the one hand, or family and friends on the other
12. Phishing
• Usually emails that look as if they originated from a legitimate organization/person and contain links or files with malware etc.
• Do not open or click on attachments or links unless 100% sure they are safe
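Both the pharming advice (look for URLs with spelling or domain variations) and the phishing advice (check who a mail really comes from and where its links lead) boil down to the same test: does a hostname belong to a domain you trust, or merely resemble one? The script below is an added example, not from the original slides, that applies that test to the sender address and every link in a message. The trusted domain list, the homoglyph table and the sample mail are constructed for illustration, and the "last two labels are the registrable domain" rule is a stated simplification (a real tool would consult the public suffix list).

```python
"""Flag look-alike domains in a message's sender address and links.

Added example, not part of the original slides. TRUSTED, HOMOGLYPHS and
SAMPLE_MAIL are constructed for illustration.
"""
import email
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the domains the organisation actually owns.
TRUSTED = ["examplebank.com", "example.org"]

# Character swaps commonly used to register a domain that reads like another.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "vv": "w", "rn": "m"}


def normalise(label: str) -> str:
    """Undo common look-alike substitutions so 'examp1ebank' reads 'examplebank'."""
    label = label.lower()
    for fake, real in HOMOGLYPHS.items():
        label = label.replace(fake, real)
    return label


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings (one-row dynamic programme)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_host(host: str, trusted=TRUSTED) -> str:
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a hostname."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return "unknown"
    # Simplification: treat the last two labels as the registrable domain.
    if ".".join(labels[-2:]) in trusted:
        return "trusted"
    for dom in trusted:
        name = dom.split(".")[0]
        # Trusted brand name buried inside someone else's hostname,
        # e.g. examplebank.com.secure-login-check.net
        if any(name in normalise(label) for label in labels):
            return f"lookalike:{dom}"
        # One-character near miss on the registrable label after undoing homoglyphs.
        if edit_distance(normalise(labels[-2]), name) <= 1:
            return f"lookalike:{dom}"
    return "unknown"


def scan_message(raw: str, trusted=TRUSTED) -> dict:
    """Classify the sender domain and every http(s) link in a plain-text mail."""
    msg = email.message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    links = {}
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        links[url] = classify_host(urlparse(url).hostname or "", trusted)
    return {
        "sender": classify_host(sender_domain, trusted) if sender_domain else "unknown",
        "links": links,
    }


# Constructed sample: a lure using a homoglyph sender domain and a brand-as-subdomain link.
SAMPLE_MAIL = """\
From: "Example Bank Support" <alerts@examp1ebank.com>
To: customer@example.org
Subject: Action required: verify your account

Your account will be locked. Confirm your details at
https://examplebank.com.secure-login-check.net/verify
or visit https://www.examplebank.com/help for assistance.
"""

if __name__ == "__main__":
    result = scan_message(SAMPLE_MAIL)
    print("sender:", result["sender"])
    for url, verdict in result["links"].items():
        print(f"{verdict:28} {url}")
```

Running it on the sample reports the sender as a look-alike of examplebank.com, the first link as a look-alike (the real brand name sits in a subdomain of an unrelated registration) and the second link as trusted. The same `classify_host` check is what the pharming slide asks a user to do by eye when a URL is typed or hovered over.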