We spend a lot of time on social networks, and we use them in everyday situations: to share pictures with our family, attend great events, share our location, and even to chat with our friends and tell them secrets, and we trust them blindly. I must agree that our well-known social networks are reasonably safe, because they really do push the limits of technology to protect the everyday user. However, because I am an ethical hacker, it is my job not to believe in anything blindly.

I would like to explain some everyday scenarios of how a user can be hacked and their data abused on a social network. I will use Facebook as my example. Facebook is a really great social network where you can spend time, have fun and find everything, including useful information: you can interact with your friends or meet new people, find other pages, play games and use apps. From a security standpoint, however, Facebook represents an endless world where data can be exploited and used for good or bad purposes. Many users are not aware of the risks when they publish something on their profile, but there are many developers and hackers out there who can steal useful information if the user is tricked. Below I explain some common methods that hackers use to obtain sensitive information or abuse your account.
- Phishing attack: a simple but powerful attack. The user usually receives a link such as "Is this you? Click and login to see!" and tries to view the content; the hacker redirects the user to a website designed to look like what the user expects (for example, Facebook's login form), captures the sensitive data and abuses the user's account.
  PROTECTION: Always make sure that you log in on the real site, don't click on suspicious links, and never give out sensitive data such as card numbers or passwords. If something seems suspicious to you, compare the details and trust your hunch.

- Multiple tag attack: one of your friends tags you in an event or picture, and when you click on it you become a victim of the same virus. In this attack the hacker creates a self-replicating malicious program; when someone clicks on it, it replicates itself to that person's friends, and that is how many more victims click and spread the virus.
  PROTECTION: Don't click on the tag and don't open suspicious links. If you have already clicked on the link, tell everyone you know to avoid any suspicious links that appear to come from you.

- Application attack: Facebook allows developers around the world to build web applications that connect to its system. Facebook tries to protect users from malicious apps as much as possible and examines every application before it is published, but developers still find ways to publish malicious applications. The application usually looks like a quiz or a game, but it is used to collect data such as emails, your basic info, your friend list, even your messages. Sometimes the Facebook app forces the user to install some "plugin", and the user downloads and installs a real virus without knowing it.
  PROTECTION: If you don't trust the application, don't grant the permissions that are displayed before you run it. If you have already granted the permissions but realize that it is a scam, go to the Settings screen, click the Apps setting, hover over the app you wish to modify or remove, and click "Save" after you have made your changes.

- Mail attack: the user receives an email or message from a fake address belonging to the hacker, with content along the lines of "Facebook needs your username and password to verify that you are a real user... We can protect you better...", and the user is abused if they click on the link and send the verification data to the fake email.
  PROTECTION: Just ignore and delete it, and don't respond with anything (not even "I know that you are a spammer"), because a reply gives away other useful technical data such as your IP address, Internet provider or location.

There are many other ways, but the ones listed are the most used. To better protect your privacy, I would suggest that you minimize the use of sensitive information while online, avoid sharing publicly, and if you ever end up with a hacked profile, try to regain access with a recovery method (forgot password, phone verification, etc.) or simply report the profile and prove that you are the real owner so that Facebook agents can help you.

I hope that my discussion helped you and that you find it productive. I believe that if you are careful and aware of these everyday social engineering techniques, you can protect yourself better while online and keep your sensitive information hidden.

I am Dragan Ilievski, Bachelor of Computer Science and IT freelancer in many IT areas.
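As an added illustration of the phishing and mail scenarios above (example code written for this edit, not part of the original post), here is a small Python check that a user or a mail filter could run over the links in a message. It assumes that facebook.com and messenger.com are the only legitimate login domains, uses a constructed lookalike-character table, and scans a constructed sample message; it flags links whose real domain differs from the brand name they display, bare IP addresses, credentials hidden in the URL, and plain-HTTP logins on a trusted domain.

```python
"""Defender-side link check for the phishing and mail scenarios.

Assumptions (not from the original post): the allowlist below, the
confusable-character table, and the sample message are all constructed.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed allowlist of legitimate login domains.
TRUSTED_DOMAINS = {"facebook.com", "messenger.com"}

# Assumed table of characters commonly swapped to build a lookalike name.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def registrable_domain(host):
    """Last two labels of a hostname: 'login.facebook.com' -> 'facebook.com'."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_link(url):
    """Return (verdict, reason); verdict is 'trusted', 'suspicious' or 'unknown'."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = parts.hostname or ""
    if not host:
        return "suspicious", "no hostname in link"
    # http://facebook.com@evil.example/ really connects to evil.example.
    if parts.username is not None:
        return "suspicious", "credentials in URL hide the real host"
    try:
        ipaddress.ip_address(host)
        return "suspicious", "bare IP address instead of a domain name"
    except ValueError:
        pass
    domain = registrable_domain(host)
    if domain in TRUSTED_DOMAINS:
        if parts.scheme.lower() != "https":
            return "suspicious", "trusted domain but login page is not HTTPS"
        return "trusted", f"{host} is under {domain}"
    # Brand name used as a subdomain or lookalike of an unrelated domain,
    # e.g. facebook.com.evil.example or faceb00k.com.
    cleaned_host = host.lower().translate(CONFUSABLES)
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if brand in cleaned_host:
            return "suspicious", f"'{brand}' appears in {host} but real domain is {domain}"
    return "unknown", f"{domain} is not on the allowlist"


def scan_message(text):
    """Classify every link found in a message; returns [(url, verdict, reason)]."""
    return [(url, *classify_link(url)) for url in URL_RE.findall(text)]


# Constructed sample message mixing two bait links with one real one.
SAMPLE_MESSAGE = """Is this you? Click and login to see! https://facebook.com.login-check.example/photo
Facebook needs your username and password to verify you are a real user: http://192.0.2.10/verify
Manage your apps here: https://www.facebook.com/settings"""


if __name__ == "__main__":
    for url, verdict, reason in scan_message(SAMPLE_MESSAGE):
        print(f"{verdict:10} {url}  ({reason})")
```

The check is deliberately conservative: anything off the allowlist that does not borrow a trusted brand name is reported as "unknown" rather than safe, so the user still has to compare the details, as the protection advice above says.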