Four reasons why Facebook boasting can expose you to crime
Users who share too much information could be in danger
By Joan Goodchild | CSO | Published: 13:32, 15 March 2011
My colleague, Bill Brenner, has a t-shirt he likes to wear that basically says social networking feeds the darker sides of human nature. The shirt is a parody of a Venn diagram and shows the relationship between sites like Facebook and Twitter and what some might call undesirable character traits such as ADHD, stalking and narcissism.
Now there is research to back up what the shirt says. A study published this month in the journal Cyberpsychology, Behaviour and Social Networking finds women who base their self-worth on their appearance tend to share more photos online and maintain larger networks on online social networking sites. Researchers say the results reveal women identify more strongly with their image and appearance and use Facebook as a platform to compete for attention.
We all want to put our best foot forward on social networks, but there are some things done in the name of vanity that can actually get you into trouble. Here's a rundown of how certain self-centred behaviours can leave you vulnerable to crime.
Posting too many pictures
The aforementioned study highlights what most Facebook members already know: Facebook is a forum where most users seek to showcase the best of themselves. For many, that means photos of you looking great or in glamorous situations (think on holiday or posing with people at a party).
Why is this risky behaviour? Because the more information you put out there, the easier it is to target you, particularly if the criminal already knows what you look like.
Last month, a California man pleaded guilty to charges of blackmailing a young girl to send him pornographic images of herself after contacting her on Facebook. James Dale Brown somehow got hold of sexually explicit photos of the girl and used Facebook to find her and demand she send him a video of her having sex. Brown used the alias 'Bob Lewis' on Facebook and eventually sent links to an explicit image of the girl to one of the victim's 'friends'.
And in January, another California man, George Bronk, admitted to breaking into email accounts to find explicit photos of women. Bronk said he used Facebook to learn answers to the security questions that many email services, such as Yahoo and Gmail, use to reset passwords and compromised the accounts using that information.
Facebook photos are also the reason why some people get fired from their jobs. A recent survey from email security firm Proofpoint finds seven percent of organisations have fired an employee because of activity on social media sites, such as questionable photos that show the user in a less-than-desirable light.
Sharing too much information
It was last year around this time that the Dutch website developers behind pleaserobme.com made headlines. The site aggregated the Twitter feeds of people who play Foursquare, a location-sharing application that allows users to "check in" from their various geographic whereabouts as part of a game where they earn badges for reaching certain milestones. Pleaserobme pointed out that in doing this, users were also publicly broadcasting that their home is likely unattended and a good "opportunity" (as the site termed it) for thieves.
The site has since been disabled as the creators said their point was made and mission accomplished. But clearly people are still posting their location using Foursquare, as the site boasts about six million users. And there have been recent instances of criminals using the pleaserobme mentality to target empty homes. Three men in New Hampshire were arrested last year on charges of burglary after breaking into homes they knew were unattended. The crooks admitted to using Facebook to find targets.
Having too many friends
Having a lot of friends means you are really popular, right? Doubtful. Security experts say having a lot of friends means you'll friend and accept friend requests from anyone and aren't very discriminating about your network.
While having a big friends number may make you feel good about yourself, it puts you in some danger. Security firm Sophos conducted a Facebook ID probe last year and created a fabricated Facebook profile before sending out friend requests to individuals chosen at random from across the globe. To conduct the experiment, Sophos set up a profile page for 'Freddi Staur' (an anagram of 'ID Fraudster'), a small green plastic frog who divulged minimal personal information about himself. Sophos then sent out 200 friend requests to observe how many people would respond, and how much personal information could be gleaned from the respondents. The experiment revealed that 82 users, or 41 percent, were willing to divulge personal information, such as email address, date of birth and phone number, to a complete stranger.
This is especially risky if your job gives you access to a VIP or valuable data. Security researchers are noting there are more attacks that involve criminals who cyber stalk potential victims. The bad guys watch your activity to see what you say, then use it in an attack.
"There is definitely another network of crime where they are taking time and closely watching in order to pull off certain things," said Sophos' security advisor Chester Wisniewski.
Additionally, so-called "friend collectors," who typically have 2,500 friends or more, are considered soft targets by spammers who are more likely to friend them knowing they will be accepted and will then have access to thousands of potential spam victims.
Bragging too much
Of course you're really proud of your promotion or the award you received at work. But you may want to think it over before you post too much information about it in your status update or broadcast it to everyone who follows you on Twitter.
According to Attorney Pria Chetty, founder of Chetty Law, a recent global survey finds that the unauthorised disclosure of trade secrets by employees is among the top five intellectual property risks on social networks.
"This refers to the risk of employees who are not bound to appropriate internal policies sharing confidential information or trade secrets (formulas, know-how) to their contacts through social media," Chetty said in a recent post.
But disclosure of private information isn't always intentional; it is often leaked by a well-intentioned employee who wants to share with social networking friends.
As Sophos' Wisniewski points out, even posting information on LinkedIn, generally seen as the lowest-risk social network, still poses a reasonable amount of risk.
"For someone looking for information about your organisation or looking for targeted bits about your company it's fantastic," he said. "I can go and search for your company name and three-quarters of your employees probably have profiles that tell me exactly what they do, what their position is. I can learn a lot about the company and, if I wanted to, I can then take on a social engineering attack and use that LinkedIn information for my attack through Facebook or email."