The document discusses various aspects of social media security, highlighting statistics and privacy issues across popular platforms like Facebook, Twitter, and LinkedIn. It outlines the risks of cyber threats such as phishing, impersonation, and botnets, emphasizing the lack of security policies among small to medium-sized businesses. Additionally, it notes alarming trends in user behavior regarding data sharing and protection, raising concerns about overall privacy and security in social networks.

1. HOW SAFE IS YOUR
CHECKING YOUR "SOCIAL SECURITY”
SOCIAL
NETWORK?

2. SOCIAL MEDIA STATS
FACEBOOK
49%FEMALE USERS
51%MALE USERS
310,000,000UNIQUE VISITORS
28%FEMALE USERS
72%MALE USERS
GOOGLE +
20,000,000UNIQUE VISITORS

3. 27,500,000 48%FEMALE USERS
52%MALE USERSUNIQUE VISITORS
STUMBLE UPON
55%FEMALE USERS
45%MALE USERS
180,000,000UNIQUE VISITORS
TWITTER
25%FEMALE USERS
75%MALE USERS
13,752,948UNIQUE VISITORS
REDDIT

4. AVERAGE MINUTES PER VISITOR PER MONTH
FACEBOOK
6.75HOURS
1.5HOURS
PINTERESTTWITTER
21MINUTES
LINKEDIN
17MINUTES
GOOGLE +
3MINUTES
STUMBLE UPON
1.5HOURS

5. SOCIAL MEDIA PRIVACY SCORES
based off of 260 metrics from data-collection to privacy policies.
1
.9
.8
.7
.6
.5
.4
.3
.2
.1
LINKEDIN
CLASSMATES.COM
FACEBOOK
TWITTER
MYSPACE
HI5
FRIENDSTER
PRIVACYSCORE
(weak)
(average)
(strong)

6. SOCIAL NETWORKING WORMS
Enlist more machines into its botnet, and hijack more accounts to
send more spam to enlist more machines. All the while making
money with the usual botnet business, including scareware and
Russian dating services.
Multiple worm attacks. Mikeyy
worm started to spread via
Twitter posts by encouraging
you to click on a link.
1/6/2013TWITTER
TOP 10 THREATS

7. PHISHING BAIT
The e-mail that lured you to sign into Facebook, hoping you don't
pick up on the fbaction.net URL in the browser.
Phishing attacks designed to
gain passwords for profit.FACEBOOK 5/18/2013
TROJANS
URL Zone is a similar banking Trojan, but even smarter, it can
calculate the value of the victim's accounts to help decide the
priority for the thief.

8. SHORTENED LINKS
URL shortening services (e.g., Bit.ly and Tinyurl) to fit long URLs
into tight spaces. They also do a nice job of obfuscating the link so
it isn't immediately apparent to victims that they're clicking on a
malware install.
DATA LEAKS
Users share a bit too much about the organization -- projects,
products, financials, organizational changes, scandals, or other
sensitive information.
Passwords have been stolen.
6 million were compromised.LINKEDIN 6/6/2012

9. ADVANCED PERSISTENT THREATS
(APT) is the gathering of intelligence about persons of interest
(e.g., executives, officers, high-net-worth individuals), for which
social networks can be a treasure trove of data.
BOTNETS
Twitter accounts being used as a command and control channel for
a few botnets. The standard command and control channel is IRC,
but some have used other applications -- P2P file sharing in the
case of Storm -- and now, cleverly, Twitter.
!

10. CROSS-SITE REQUEST FORGERY (CSRF)
CSRF attacks exploit the trust a social networking application has
in a logged-in user's browser. So as long as the social network
application isn't checking the referrer header, it's easy for an attack
to "share" an image in a user's event stream that other users might
click on to catch/spread the attack.
IMPERSONATION
Several impersonators have gathered hundreds and thousands of
followers on Twitter -- and then embarrassed the folks they
impersonate.
TRUST
Like e-mail, when it hit the mainstream, or instant messaging when
it became ubiquitous, people trust links, pictures, videos and
executables when they come from "friends".

11. 87%of small to medium-sized
businesses do not have formal,
written internet security policies.
70%of these businesses lack
policies for employees’ use of
social media, despite the fact that
they are increasingly favored by
cybercriminals for phishing attacks.

12. Once an attacker gains access to their account, they
can easily find a way to mine more information and to
use this to access their other accounts. The same is
true for corporate accounts, which are publicly
available on sites, like LinkedIn.
!

13. 90% of sites don’t require a full name or date of
birth for permission to join.
80%of users failed to use standard encryption
protocols to protect sensitive user data from hackers.
71%of websites reserve the right to share user
data with third parties in their privacy policies.

14. CLICK TO SEE THE FULL INFOGRAPHIC HERE:
RESOURCES
http://preibusch.de/publications/Bonneau_Preibusch__Privacy_Jungle__2009-05-26.pdf
http://www.hula-hub.com/2012/03/21/top-social-media-statistics-infographic-2012/
http://www.marketingprofs.com/charts/2010/3596/social-networks-influential-not-always-trusted
http://www.digitaladvocate.net/?p=504
http://mashable.com/2012/11/28/social-media-time/
http://www.networkworld.com/news/2010/010710-social-networking-hacks.html?page=2
http://detroit.cbslocal.com/2012/06/06/report-linkedin-networking-site-hacked/
http://blog.ussignalcom.com/blog-1/bid/278223/Cyber-Attacks-2013-Hackers-Exploit-Social-Media
http://about-threats.trendmicro.com/us/webattack/75/spam%20scams%20and%20other%20social%20media%20threats
http://www.computerweekly.com/news/1280090217/Privacy-rankings-LinkedIn-and-Bebo-high-Facebook-and-MySpace-average-Badoo-low