Facebook, Twitter provide sensitive info for criminals

Users share too much information and often vent on social networking services

Social networking services like Facebook and Twitter foster a false sense of security and lead users to share information which can be used by cybercriminals and social engineers. The very concept of social networking is based on connecting and sharing, but with who?

A recent study found that many users simply accept requests to connect even if they do not know the person they are connecting with. The actual numbers found that 13% of Facebook users and a whopping 92% of Twitter users simply connect with anyone who asks.

Users share too much information and often vent on social networking services. Little tidbits of information about being out on vacation, or complaints about the new desktop operating system, or announcing an upcoming business trip to meet with a foreign competitor all offer tiny sparks of information which can be combined with other sparks to form a light that exposes more than should be shared.

There is a similar debate in the security community regarding out-of-office auto replies from email programs. Automatically sending an email to anyone that emails you including why you're not available, how long you will be gone, and the names, email addresses, and phone numbers of other users to contact in your absence is more information than should be shared outside of the company. Newer versions of products like Exchange and Outlook actually allow users to create separate out-of-office replies for internal and external emails to address the problem of sharing too much information with outsiders.

Its virtually impossible to prevent all such disclosures of information. The reason is that these tidbits are generally useless and innocuous alone. By themselves they appear to be harmless, verging on nonsensical, and most of them are. But, each tidbit reveals some small piece of a larger puzzle and an industrious criminal can dedicate the time and resources to gluing the innocuous, nonsensical pieces together to reveal a larger secret.

Organizations should be aware of the pros and cons of social networking and should have established policies regarding the acceptable use of company resources in connection with social networking. It is also a good idea to provide some awareness training about the security issues of social networking and educate users to be more careful of whom they connect with and the information they share.

Tony Bradley is an information security and unified communications expert with more than a decade of enterprise IT experience. He tweets as @PCSecurityNews and provides tips, advice and reviews on information security and unified communications technologies on his site at tonybradley.com.

Join the CSO newsletter!

Error: Please check your email address.

Tags securitysocial networkingtwitter

More about FacebookGoogle

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tony Bradley

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place