Kevin Curran

Kevin Curran is a Professor of Cyber Security, Executive Co-Director of the Legal innovation Centre and group leader of the Ambient Intelligence & Virtual Worlds Research Group at Ulster University. He is a regular technology contributor to TV, radio, trade and consumer IT magazines.

I sometimes get asked by family and friends about the risks of being on social media platforms such as Facebook, Twitter and Instagram. Of course, I could give a defacto answer that one should always reduce one’s footprint online as obviously one is disclosing information about one’s life which could be used in a phishing attack. However, I simply ask them do the benefits of sharing on social platforms outweigh the perceived risks. There are however some risks of course. So what are these risks?

Doxing

Doxing is the most common way cybercriminals exploit social media platforms. Doxing is the hacking term for the Internet-based practice of researching identifiable information about an individual or organization. It can be conducted on public databases and increasingly on social media websites. There are some specialised search tools for this technique, but the most popular method is to conduct searches on search engines like Google or Bing. The other popular method is to trawl through social media sites like Facebook, Twitter and LinkedIn which can offer quite detailed private information such as photos, family connections, place of employment, email address and phone numbers.

The question that social media users should then ask – is what information is safe to disclose on social media sites?

In a nutshell, users should keep their media profiles on sites like Facebook, Twitter and LinkedIn to a minimum e.g. name and not post any identifying information such as address, place of work or date of birth. Information like this can be used in phishing emails or by hackers for identity theft.

Email Phishing

Email phishing is one of the most potent methods used by fraudsters to compromise user accounts. Phishing messages generally try to convince the recipient that they are from a trusted source. “Spear-phishing” is a technique whereby criminals use personal information to earn trust and lower the intended victim’s defences increasing the chances they may open attachments or embedded links and that is where ‘leaked personal identifying information’ online can leave a user more susceptible to a targeted phishing email.

Location sharing can also be dangerous as the mapping has improved and nowadays you can often be broadcasting your exact location. You may also be putting your home valuables at risk if you are being targeted. This can be done by turning location settings off on your device. The same risk applies to checking in with various apps and using some public wi-fi hotspots.

Webcam Sextortion

There is also webcam sextortion exploitations. Webcam blackmail has evolved to trick unwitting victims into parting with money after chat sessions are recorded and threats made to publish recordings online. In many cases, someone is lured into taking part in a video chat session after making a new friend on a social media site or after receiving a message via a dating app or Skype. After chatting for a while, the victim is encouraged to take their clothes off and may engage in sexual activities. At the end of the call, they are told the session was recorded and that footage will be published online if they do not pay a ransom.

Fake Profiles

Most of the scams on social media come from fake profiles. Fake profiles are a widespread practice and that is the number one reason one should not add people in Facebook that they do not know. Usually, these profiles include pictures of a very beautiful woman or man. This is done to make the profile appealing and to trick someone into adding the criminal as a friend. Once they do, they will not only spy on that person’s personal information and photos but could send them malicious content and messages. Common attacks include clickjacking, drive by downloading or direct messages with malware.

Staying safe on social media

Other aspects that can be done especially on sites such as Facebook include:

  • Scaling down the “friends” list to just real friends. Do you really want everyone to know what you do each evening and when you take a holiday?
  • Be careful about which applications you grant permission to extract information from your profile.
  • Never approve a friend that you do not know. If unsure, send them a message to clarify how it is you know them. Also always check how long they have been on the site. Scam profiles generally are created in the recent past.
  • Always do a periodic privacy and security settings check as social media sites tend to default settings to the least-secure setting whenever new redesigns occur.
  • Always think carefully about the visibility of each post – whether it is appropriate for public or friends only. Generally, most personal posts such as family events should always be just for your friends and friends of friends.