2. Basics
• Social media and social networking are all about communicating and sharing information with people
• Once the information is registered to a page it is no longer private
• The personal information can be used to conduct attacks against both the user and the user's associates
• The more one posts, the more vulnerable one becomes
• The information posted is NOT only used in the social media
• Attacks that use the shared information but do NOT come by way of the social networking sites: baiting, click-jacking, cross-site scripting, doxing, elicitation, pharming, phreaking, scams, spoofing and phishing
3. Baiting
• Through a USB drive (or other electronic media) preloaded with malware, worms etc. that attack when the device is used
• Prevent by ensuring the origin of the device is safe
4. Click-jacking
• Secret hyperlinks hidden under legitimate links which, when clicked, cause actions to be performed unknowingly, e.g. downloading malware or sharing IDs
• Disable scripting and iframes, maximize the security options
6. Doxing
• Public release of personal identifying information (including pictures)
• Be careful with what to share
7. Elicitation
• Strategic use of conversation to extract information without giving the victim the feeling of interrogation
• Be aware of the tactics the social engineers use
8. Pharming
• Redirecting users from safe sites to extract personal data (e.g. mimicking bank sites)
• Type website addresses instead of clicking on links, look out for URLs that use variations in spelling or domain names
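The check for "variations in spelling or domain names" can be automated. The sketch below is an added example, not part of the original slides; the trusted domains, the character-swap table and the distance threshold of 2 are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist: domains the user really does business with.
TRUSTED = {"examplebank.com", "exampleshop.org"}
# Small constructed subset of look-alike character swaps (0->o, 1->l, 3->e, 5->s).
CONFUSABLE = str.maketrans("0135", "oles")


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host):
    # Assumption: the last two labels form the registered domain. Production
    # code should consult the Public Suffix List (e.g. for "co.uk").
    return ".".join(host.split(".")[-2:])


def classify(url):
    """Return 'trusted', 'lookalike', 'review-idn', 'unknown' or 'invalid'."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "invalid"
    if not host.isascii() or "xn--" in host:
        return "review-idn"      # internationalised name: may hide look-alike letters
    dom = registered_domain(host)
    if dom in TRUSTED:
        return "trusted"
    if dom.translate(CONFUSABLE) in TRUSTED:
        return "lookalike"       # digit-for-letter swap, e.g. 1 for l
    for good in TRUSTED:
        if good + "." in host:
            return "lookalike"   # trusted name used as a subdomain of another site
        if dom.split(".")[0] == good.split(".")[0]:
            return "lookalike"   # same name, different top-level domain
        if edit_distance(dom, good) <= 2:
            return "lookalike"   # misspelling: swapped, dropped or added letter
    return "unknown"
```

A verdict of "unknown" only means the address does not resemble an allowlisted domain; it says nothing about whether the site is safe.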
9. Phreaking
• Gaining unauthorized access to telecommunication systems
• Do not provide secure phone numbers providing access to a Private Branch Exchange or through the Public Branch Exchange to the public phone network
10. Scams
• Fake deals that trick people into providing e.g. money in exchange for the deal
• Sounds too good to be true? Popular events and news are often used as bait to open infected emails, visit infected websites, or donate money to bogus charities
11. Spoofing
• Hiding or faking user identities
• Know the co-workers, clients etc. of a business, or, on the other hand, the family and friends
12. Phishing
• Usually emails that look like they originated from a legitimate organization/person and contain links or files with malware etc.
• Do not open or click on attachments or links unless 100% sure they are safe