Social networking sites supply valuable information to criminals
Social networking sites are attracting not only more and more users from around the world, but also more and more criminals. Security specialists say that MySpace, Facebook, Orkut and other sites for making and preserving contacts often contain extremely valuable information that can be abused to facilitate targeted attacks on users. E-mails with malicious contents, for example, can be made to look far more credible and thus persuade a victim to open an infected attachment. The sender might pose as a business partner or colleague. Phishing E-mails, too, could be formulated more specifically - and spam E-mails compatible with addressees' hobbies could be sent.
It's a remarkable fact, said Mary Landesman of the security firm ScanSafe to British media, that users of social networking sites give away details of their lives, loves, jobs and hobbies that they would never entrust to a stranger in a bar. This lays them open to attack. Security firms reported in mid-2007 on the first targeted attacks on people in business, industry and politics that made obvious use of information gathered beforehand from profiles on Facebook and Linked-In.
- do not give out real "critical data" such as your date of birth or address
- use a different pseudonym on each site you sign up to
- create and use a different anonymous email address for each site you sign up to
- avoid providing a "complete profile" on any site you use
- do not link between sites you use
- think "would I shout this out in a crowded street?" and "would I tell my boss?" before posting any content
- be just as particular with other peoples' information (e.g. friends' names)
- Targeted Trojan attacks executive PCs, heise Security news