US-CERT Cyber Security Tip ST06-003 — Staying Safe on Social
Cyber Security Tip ST06-003
Staying Safe on Social Network Sites
The popularity of social networking sites continues to increase,
among teenagers and young adults. The nature of these sites
security risks, so you should take certain precautions.
What are social networking sites?
Social networking sites, sometimes referred to as
sites, build upon the concept of traditional social networks where
connected to new people through people you already know. The purpose
networking sites may be purely social, allowing users to
friendships or romantic relationships, while others may focus
establishing business connections.
Although the features of social networking sites differ, they all
to provide information about yourself and offer some type of
mechanism (forums, chat rooms, email, instant messenger) that enables
connect with other users. On some sites, you can browse for people
certain criteria, while other sites require that you be “introduced”
people through a connection you share. Many of the sites have
subgroups that may be based on a particular interest.
What security implications do these sites present?
Social networking sites rely on connections and communication, so
encourage you to provide a certain amount of personal information.
deciding how much information to reveal, people may not exercise the
amount of caution as they would when meeting someone in person
* the internet provides a sense of anonymity
* the lack of physical interaction provides a false sense of
* they tailor the information for their friends to read, forgetting
others may see it
* they want to offer insights to impress potential friends or
While the majority of people using these sites do not pose a
malicious people may be drawn to them because of the accessibility
amount of personal information that’s available. The more
malicious people have about you, the easier it is for them to take
of you. Predators may form relationships online and then
unsuspecting individuals to meet them in person. That could lead to
dangerous situation. The personal information can also be used to
social engineering attack (see Avoiding Social Engineering and
Attacks for more information). Using information that you provide
location, hobbies, interests, and friends, a malicious person
impersonate a trusted friend or convince you that they have the
access other personal or financial data.
Additionally, because of the popularity of these sites, attackers may
them to distribute malicious code. Sites that offer applications
by third parties are particularly susceptible. Attackers may be able
create customized applications that appear to be innocent while
your computer without your knowledge.
How can you protect yourself?
* Limit the amount of personal information you post – Do not
information that would make you vulnerable, such as your address
information about your schedule or routine. If your connections
information about you, make sure the combined information is not
than you would be comfortable with strangers knowing. Also
considerate when posting information, including photos, about
* Remember that the internet is a public resource – Only post
you are comfortable with anyone seeing. This includes information
photos in your profile and in blogs and other forums. Also, once
post information online, you can’t retract it. Even if you remove
information from a site, saved or cached versions may still exist
other people’s machines (see Guidelines for Publishing
Online for more information).
* Be wary of strangers – The internet makes it easy for people
misrepresent their identities and motives (see Using Instant
and Chat Rooms Safely for more information). Consider limiting
people who are allowed to contact you on these sites. If you
with people you do not know, be cautious about the amount of
you reveal or agreeing to meet them in person.
* Be skeptical – Don’t believe everything you read online. People
false or misleading information about various topics, including
own identities. This is not necessarily done with malicious
could be unintentional, an exaggeration, or a joke. Take
precautions, though, and try to verify the authenticity of
information before taking any action.
* Evaluate your settings – Take advantage of a site’s privacy
The default settings for some sites may allow anyone to see
profile. You can customize your settings to restrict access to
certain people. However, there is a risk that even this
information could be exposed, so don’t post anything that you
want the public to see. Also, be cautious when deciding
applications to enable, and check your settings to see what
the applications will be able to access.
* Use strong passwords – Protect your account with passwords that
easily be guessed (see Choosing and Protecting Passwords for
information). If your password is compromised, someone else may
to access your account and pretend to be you.
* Check privacy policies – Some sites may share information such as
addresses or user preferences with other companies. This may lead
increase in spam (see Reducing Spam for more information). Also,
locate the policy for handling referrals to make sure that you do
unintentionally sign your friends up for spam. Some sites will
to send email messages to anyone you refer until they join.
* Use and maintain anti-virus software – Anti-virus software
most known viruses and protects your computer against them, so
be able to detect and remove the virus before it can do any
Understanding Anti-Virus Software for more information).
attackers are continually writing new viruses, it is important to
your definitions up to date.
Children are especially susceptible to the threats that social
sites present. Although many of these sites have age restrictions,
may misrepresent their ages so that they can join. By teaching
about internet safety, being aware of their online habits, and
to appropriate sites, parents can make sure that the children become
and responsible users (see Keeping Children Safe Online for
Author: Mindi McDowell
Produced 2006 by US-CERT, a government organization.
Note: This tip was previously published and is being re-distributed
to increase awareness.
< _moz-userdefined="" legal www>