How Safe Is YOUR Social Network?
9 likes6,029 views
The document discusses various aspects of social media security, highlighting statistics and privacy issues across popular platforms like Facebook, Twitter, and LinkedIn. It outlines the risks of cyber threats such as phishing, impersonation, and botnets, emphasizing the lack of security policies among small to medium-sized businesses. Additionally, it notes alarming trends in user behavior regarding data sharing and protection, raising concerns about overall privacy and security in social networks.
How Safe Is YOUR Social Network?
- 1. HOW SAFE IS YOUR CHECKING YOUR "SOCIAL SECURITY” SOCIAL NETWORK?
- 2. SOCIAL MEDIA STATS FACEBOOK 49%FEMALE USERS 51%MALE USERS 310,000,000UNIQUE VISITORS 28%FEMALE USERS 72%MALE USERS GOOGLE + 20,000,000UNIQUE VISITORS
- 3. 27,500,000 48%FEMALE USERS 52%MALE USERSUNIQUE VISITORS STUMBLE UPON 55%FEMALE USERS 45%MALE USERS 180,000,000UNIQUE VISITORS TWITTER 25%FEMALE USERS 75%MALE USERS 13,752,948UNIQUE VISITORS REDDIT
- 4. AVERAGE MINUTES PER VISITOR PER MONTH FACEBOOK 6.75HOURS 1.5HOURS PINTERESTTWITTER 21MINUTES LINKEDIN 17MINUTES GOOGLE + 3MINUTES STUMBLE UPON 1.5HOURS
- 5. SOCIAL MEDIA PRIVACY SCORES based off of 260 metrics from data-collection to privacy policies. 1 .9 .8 .7 .6 .5 .4 .3 .2 .1 LINKEDIN CLASSMATES.COM FACEBOOK TWITTER MYSPACE HI5 FRIENDSTER PRIVACYSCORE (weak) (average) (strong)
- 6. SOCIAL NETWORKING WORMS Enlist more machines into its botnet, and hijack more accounts to send more spam to enlist more machines. All the while making money with the usual botnet business, including scareware and Russian dating services. Multiple worm attacks. Mikeyy worm started to spread via Twitter posts by encouraging you to click on a link. 1/6/2013TWITTER TOP 10 THREATS
- 7. PHISHING BAIT The e-mail that lured you to sign into Facebook, hoping you don't pick up on the fbaction.net URL in the browser. Phishing attacks designed to gain passwords for profit.FACEBOOK 5/18/2013 TROJANS URL Zone is a similar banking Trojan, but even smarter, it can calculate the value of the victim's accounts to help decide the priority for the thief.
- 8. SHORTENED LINKS URL shortening services (e.g., Bit.ly and Tinyurl) to fit long URLs into tight spaces. They also do a nice job of obfuscating the link so it isn't immediately apparent to victims that they're clicking on a malware install. DATA LEAKS Users share a bit too much about the organization -- projects, products, financials, organizational changes, scandals, or other sensitive information. Passwords have been stolen. 6 million were compromised.LINKEDIN 6/6/2012
- 9. ADVANCED PERSISTENT THREATS (APT) is the gathering of intelligence about persons of interest (e.g., executives, officers, high-net-worth individuals), for which social networks can be a treasure trove of data. BOTNETS Twitter accounts being used as a command and control channel for a few botnets. The standard command and control channel is IRC, but some have used other applications -- P2P file sharing in the case of Storm -- and now, cleverly, Twitter. !
- 10. CROSS-SITE REQUEST FORGERY (CSRF) CSRF attacks exploit the trust a social networking application has in a logged-in user's browser. So as long as the social network application isn't checking the referrer header, it's easy for an attack to "share" an image in a user's event stream that other users might click on to catch/spread the attack. IMPERSONATION Several impersonators have gathered hundreds and thousands of followers on Twitter -- and then embarrassed the folks they impersonate. TRUST Like e-mail, when it hit the mainstream, or instant messaging when it became ubiquitous, people trust links, pictures, videos and executables when they come from "friends".
- 11. 87%of small to medium-sized businesses do not have formal, written internet security policies. 70%of these businesses lack policies for employees’ use of social media, despite the fact that they are increasingly favored by cybercriminals for phishing attacks.
- 12. Once an attacker gains access to their account, they can easily find a way to mine more information and to use this to access their other accounts. The same is true for corporate accounts, which are publicly available on sites, like LinkedIn. !
- 13. 90% of sites don’t require a full name or date of birth for permission to join. 80%of users failed to use standard encryption protocols to protect sensitive user data from hackers. 71%of websites reserve the right to share user data with third parties in their privacy policies.
- 14. CLICK TO SEE THE FULL INFOGRAPHIC HERE: RESOURCES http://preibusch.de/publications/Bonneau_Preibusch__Privacy_Jungle__2009-05-26.pdf http://www.hula-hub.com/2012/03/21/top-social-media-statistics-infographic-2012/ http://www.marketingprofs.com/charts/2010/3596/social-networks-influential-not-always-trusted http://www.digitaladvocate.net/?p=504 http://mashable.com/2012/11/28/social-media-time/ http://www.networkworld.com/news/2010/010710-social-networking-hacks.html?page=2 http://detroit.cbslocal.com/2012/06/06/report-linkedin-networking-site-hacked/ http://blog.ussignalcom.com/blog-1/bid/278223/Cyber-Attacks-2013-Hackers-Exploit-Social-Media http://about-threats.trendmicro.com/us/webattack/75/spam%20scams%20and%20other%20social%20media%20threats http://www.computerweekly.com/news/1280090217/Privacy-rankings-LinkedIn-and-Bebo-high-Facebook-and-MySpace-average-Badoo-low