4 reasons why Facebook and vanity don't mix

A look at why self-glorification on social networks may make you the target of criminal adoration

My colleague, Bill Brenner, has a t-shirt he likes to wear that basically says social networking feeds the darker sides of human nature. The shirt is a parody of a Venn diagram and shows the relationship between sites like Facebook and Twitter and what some might call undesirable character traits, such as ADHD, stalking and narcissism.

Now there is research to back up what the shirt says. A study published this month in the journal Cyberpsychology, Behavior and Social Networking finds women who base their self-worth on their appearance tend to share more photos online and maintain larger networks on online social networking sites. Researchers say the results reveal women identify more strongly with their image and appearance, and use Facebook as a platform to compete for attention.

See also: Social media risks: The basics

We all want to put our best foot forward on social networks, but there are some things done in the name of vanity that can actually get you into trouble. Here's a rundown of how certain self-centered behaviors can leave you vulnerable to crime.

Posting too many pictures

The aforementioned study highlights what most Facebook members already know: Facebook is a forum where most users seek to showcase the best of themselves. For many, that means photos of themselves looking great, or in glamorous situations (think on vacation, or posing with many people at a party).

Why is this risky behavior? Because the more information you put out there, the easier it is to target you, particularly if the criminal already knows what you look like.

Last month, a California man pleaded guilty to charges of blackmailing a young girl to send him pornographic images of herself after contacting her on Facebook. James Dale Brown somehow got a hold of sexually explicit photos of the girl and used Facebook to find her and demand she send him a video of her having sex. Brown used the alias 'Bob Lewis' on Facebook and eventually sent links to an explicit image of the girl to one of the victim's 'friends.'

And in January, another California man, George Bronk, admitted to breaking into e-mail accounts to find explicit photos of women. Bronk said he used Facebook to learn answers to the security questions that many e-mail services, such as Yahoo and Gmail, use to reset passwords and compromised the accounts using that information.

Facebook photos are also the reason why some people get fired from their jobs. A recent survey from email security firm Proofpoint finds seven percent of organizations have fired an employee because of activity on social media sites, such as questionable photos that show the user in a less-than-desirable light.

Sharing too much information

It was last year around this time that the Dutch web site developers who created pleaserobme.com made headlines. The site aggregated the Twitter feeds of people who play Foursquare, a location-sharing application that allows users to "check in" from their various geographic whereabouts as part of a game where they earn badges for reaching certain milestones. Pleaserobme pointed out that in doing this, users were also publicly broadcasting that their home is likely unattended and a good "opportunity" (as the site termed it) for thieves.

The site has since been disabled as the creators said their point was made and mission accomplished. But clearly people are still posting their location using Foursquare, as the site boasts about 6 million users. And there have been recent instances of criminals using the pleaserobme mentality to target empty homes. Three men in New Hampshire were arrested last year on charges of burglary after breaking into homes they knew were unattended. The crooks admitted to using Facebook to find targets.

Having too many friends

Having a lot of friends means you are really popular, right? Doubtful. Security experts say having a lot of friends means you'll friend, and accept friend requests from, anyone and aren't very discriminating about your network.

While having a big friends number may make you feel good about yourself, it puts you in some danger. Security firm Sophos conducted a Facebook ID probe last year and created a fabricated Facebook profile before sending out friend requests to individuals chosen at random from across the globe. To conduct the experiment, Sophos set up a profile page for 'Freddi Staur' (an anagram of 'ID Fraudster'), a small green plastic frog who divulged minimal personal information about himself. Sophos then sent out 200 friend requests to observe how many people would respond, and how much personal information could be gleaned from the respondents. The experiment revealed that 82 users, or 41 percent, were willing to divulge personal information, such as email address, date of birth and phone number, to a complete stranger.

This is especially risky if your job gives you access to a VIP or valuable data. Security researchers are noting more attacks that involve criminals who cyberstalk potential victims. The bad guys watch your activity to see what you say, and then use it in an attack.

"There is definitely another network of crime where they are taking time, and closely watching in order to pull off certain things," said Sophos' security advisor Chester Wisniewski.

Additionally, so-called "friend collectors," who typically have 2,500 friends or more, are considered soft targets by spammers, who are more likely to friend them knowing the request will be accepted and that they will then have access to thousands of potential spam victims.

Bragging too much

Of course you're really proud of your promotion or the award you received at work. But you may want to think it over before you post too much information about it in your status update or broadcast it to everyone who follows you on Twitter. According to attorney Pria Chetty, founder of Chetty Law, a recent global survey finds that the unauthorized disclosure of trade secrets by employees is among the top five intellectual property risks on social networks.

"This refers to the risk of employees who are not bound to appropriate internal policies sharing confidential information or trade secrets (formulas, know how) to their contacts through social media," Chetty said in a recent post.

But disclosure of private information isn't always intentional; it is often leaked by a well-intentioned employee who simply wants to share with social networking friends.

As Sophos' Wisniewski points out, even posting information on LinkedIn, generally seen as the lowest-risk social network, still poses a reasonable amount of risk.

"For someone looking for information about your organization or looking for targeted bits about your company it's fantastic," he said. "I can go and search for your company name and three-quarters of your employees probably have profiles that tell me exactly what they do, what their position is. I can learn a lot about the company and, if I wanted to, I can then take on a social engineering attack and use that LinkedIn information for my attack through Facebook or email."


Stories by Joan Goodchild
