SOCIAL MEDIA SECURITY ESSENTIALS

UNIT-2
(for More information refer the textbook)
1. Darkside Cybercrime?
Every community has areas that are on the wrong side of the tracks. The
virtual world can be a wonderful place, allowing you to interact with
networks of people,enjoy the isolation of a game, or chat with groups or

T
one-on-one, but not everyone or every place is safe.Social platforms rely on
sharing information, engaging others, and having trust. Social media is about
friends, followers, connections, and sharing.

fI
Cybercrime:
Cybercrime is a criminal activity that involves computers and the Internet.
A cybercriminal may use online resources to obtain information about a
person, as a medium to contact potential victims, gain access to systems,
to
and/or damage data and bring down systems. The types of offenses will vary,
but they will always involve technology and connectivity. The targets of
cybercrime may be computers or people.

A cybercriminal may focus an attack on systems using viruses or other

ep

malicious code, which we’ll discuss in Chapter 8, or by directly hacking a

system to gain unauthorized access. They may also focus their attention on
people to steal their identity, commit fraud, stalk, or bully them. It may also
be a precursor for other offenses, where the crime is initiated online, but
D

later violates or injures the person through later physical contact.

Scams:
Online scams aren’t new to the Internet but have evolved and taken new
twists on social networking sites. Cybercriminals can gain in-depth
information from your profiles and may make connections through friend
requests. This has made many of the scams sent through email more
personal and believable.
Eg:Grandparent scams have been typically done over the telephone and
involve an elderly person being called by someone claiming to be a relative
or grandchild.
 Using secure browsing :
Secure browsing is an important feature on any site containing personal
information or where you make online transactions. It’s important that any
communication between your computer and the sites used for banking or
online purchases is secure. Browsers should use Hypertext Transfer Protocol
Secure (HTTPS) to safely exchange data with a site, as this provides
encrypted communication and secure identification of a network’s Web
servers.

T
You can tell whether HTTPS is used by looking at the address bar in your
browser. The Uniform Resource Locator (URL) should begin with https://.

fI
Your browser may also display a padlock icon to show if the site is secure.
Newer versions of Internet Explorer display a padlock icon on the right side
of the address bar, while Firefox provides a Site Identity button to the left of
the address bar.
to
2. Social Engineering?
Social engineering is the practice of using various techniques to get people
to reveal sensitive or personal information. Using a variety of methods, a
person might get you to reveal the information by manipulating you, through
technological means or through documents you’ve made accessible. In many
ep

cases, you won’t realize it’s even happened until after you’re a victim, if you
even realize it at all.
There are many ways to use social engineering to get private and
confidential information. The simplest ways are very low tech. Shoulder
D

surfing involves looking at what a person types on a keyboard as they enter a

password or watch information that appears on the monitor as they type.
Another is to pose as someone who’s trying to help you and ask questions
that get you to reveal information. For example, if I called you at work and
identified myself as part of the IT department, I might say that there’s a
problem with your network account. Because it’s in your benefit for this to
be fixed, and if I drew it out long enough and was convincing, you might
give me your password so I can get into the system as you to “fix the
problem.”
 While Social Engineering is often associated with a conversation where the
tidbits of truth is slowly leaked out, it can (and often does) happen in ways
you wouldn’t consider. One method is through questions that people
distribute to one another via email or Facebook notes
● What is your favorite color?
● What is your real name?
● What city were you born in?
● What is the name of your favorite pet?
● What is your favorite food?
Dumpster diving:

T
Dumpster diving is a low tech way of getting information, which involves
pulling documents containing information from the trash. A person may
throw out a piece of paper with a password on it, a work document, pay stub,

fI
bill, or something else containing sensitive information. One in the trash,
anyone with access to the waste basket, a trash bag the janitor throws it into,
or the outside dumpster can pull it out and use it.
to
3. Hacked Accounts?
Hacking is a mainstream term that has come to refer to anyone who breaks
into a computer system. While for ease of understanding we use the term
throughout the book, the original definition of a hacker referred to a
computer enthusiast. It was someone who would hack away at a keyboard,
ep

programming, or working in some other way on a computer. A cracker is

what most people are actually referring to when they discuss hackers. A
cracker is someone who will try to crack the security of a system, breaking
into computers or cracking passwords.
D

An example of how hacking works In the case of the parody news site the
Onion (www.theonion.com), the hackers used phishing attacks that were
focused on the email accounts of staff members. Employees received an
email that had a link to the Washington post, which seemed to have a story
about their organization

Protecting yourself:
Monitoring your social media is important in determining whether a problem
has occurred. If you notice unexpected tweets or posts appearing, it could be
 a sign that a social media account has been compromised and/or someone
has gained access to your account. Being aware of what’s going on is
important to identifying a problem.

Trusted contacts:
At times, you may forget your Facebook password or be prevented from
accessing the account because someone’s changed the password. You could
try using the Forgot my Password option on the main page and have a link
sent to you to reset your password. Unfortunately, if the email has been

T
compromised, this could be an issue too. In such a case, you’d need to
provide Facebook with a new phone number or an email address to reach
you, so they can give you control of your account.

fI
4. Cyberstalking?
Cyberstalking is a form of repeated harassment that involves the Internet and
methods of electronic communication like email, online chat, and instant
to
messages. Just as an offline stalker will follow or stakeout a victim, an
online stalker will use electronic and Internet-based tools to track the object
of their obsession.

Victims of cyberstalking may be threatened, receive viruses or malware in

ep

email, and have false accusations or statements posted online to encourage

others to join in the harassing of the person. For obvious reasons,
cyberstalking can be terrifying for the victim.
D

Unfortunately, social media is an excellent tool for cyberstalkers to track and

monitor a person. Social networking sites can provide information on where
a person works, their location, who they associate with, likes and dislikes.
Using this, you may be able to identify where a person is at a given time and
meet them face to-face or engage them online.
Protecting yourself :
As with real-life stalkers, a cyberstalker’s motivation is to control the victim,
and this is done through intimidation. In cyberspace, the stalker may feel
even bolder, hidden behind aliases, and believing in the anonymity of the
Internet.
 Many victims have been involved in some kind of relationship with the
cyberstalker. They might be a former girlfriend or boyfriend, an estranged or
ex-husband/ wife, or someone else you’ve had an intimate relationship with.
They might even be a former friend or roommate. Because they had a
relationship with you in the real world, they had access to your computer,
mobile device, wireless router, and other equipment
5. Cyberbullying?
Cyberbullying is another form of online harassment, where a person or
group bullies a victim using the Internet and/or other methods of electronic
communications. If this sounds like cyberstalking, you’re not wrong in

T
making the comparison. Both involve many of the same methods to terrorize
a victim.

fI
The cyberbully may post abusive comments, send threatening or demeaning
messages, make audio or video records of someone without their consent, or
disclose personal information with the purpose of humiliating or
intimidating them. As with any bully, they like the power that comes through
to
humiliating and demeaning another person.

While cyberbullying often refers to behavior where a child or an adolescent

is bullying another minor, adults can also be bullied online. As with children,
if an adult is bullied, it’s important to speak up and tell others.
ep

6. Predators?
Just as there are predators in the wild, there are those who seek out prey on
the Internet. As we’ve seen in the previous sections, there are those who will
D

look for potential victims for blackmail, scams, and even Internet-initiated
sex crimes. Of course, adults aren’t the only victims.
● Don’t talk to strangers. While it may seem cliché, only 14% of those

who were solicited for sex knew the person. Young social network
users should avoid talking to strangers. For the rest of us, be wary of
them.
● If someone suggests meeting in person, don’t. In aggressive incidents,

75% of those soliciting a youth of sex suggested meeting in person.

 ● Talk to an adult if you have a problem. In 56% of incidents where a
youth was solicited for sex, they didn’t tell anyone. This leaves them
vulnerable to being groomed by a pedophile.
Monitoring tools:
The argument of privacy versus safety is always a controversial one, even
when it comes to monitoring a child or teenager’s online activity. Even if
you don’t want to aggressively monitor them, you should have access to
accounts

Parental control systems are useful in monitoring and controlling what a

T
child does online. Free software like Norton Family
(www.onlinefamily.norton.com) allows you to monitor sites that are visited,
control the time spent online, view what a person searches for online, and

fI
track activity on social networks.
If you’re concerned about a child or teenagers already having problems with
their online activities with a mobile device, then you may want to use more
aggressive monitoring tools.
to
Mobile Spy (www.mobile-spy.com) provides features that allow you to
monitor text messages, IM, sites visited, videos that were watched on
YouTube, and calls that were dialed and received on the phone. Some of the
more invasive features allow you to listen to the phone’s surroundings, track
ep

Global Positioning System (GPS) locations, and take photos using the
phone’s camera without the person knowing.
7. Phishing?
One social engineering technique is phishing, which is pronounced as
D

“fishing.” The term comes from the philosophy that if you cast a big enough
net, you’ll catch a few fish. It involves sending out bulk email or instant
messages to as many people as possible, asking them to provide information
or click a link. The link often takes them to a fake Web site that looks like a
legitimate site.
For example, it may look like a login screen for Facebook, Twitter, PayPal,
or a credit card company. You’re asked for your username and password,
credit card information, or some other data that a criminal is trying to obtain.
 Phishing may also be focused on specific targets, such as individual
employees or groups within an organization, which is referred to as
1. spear phishing. For example, let’s say I know you and a couple of
others in your company are in charge of social media, and I send you
an email posing as the IT department.
2. Whaling phishingis another variation, in which the attacker targets
bigger fish within the company. The target is a senior executive or
some other high-profile person within the company. By focusing on
these people, there is a better chance of acquiring more privileged
information that a low-level employee wouldn’t be privy to.

T
3. Context phishing can also be used to gain a person’s trust. Using this
method, I look at your online activity, using sites like eBay to discover
your bidding history, Facebook to find your birthday and friends, or

fI
MySpace to discover your interests. By mentioning bits and pieces of
information I know about you, I can know how to gain your trust and
have a better chance of your providing me additional information. By
compiling enough of this information, it is possible to use the data to
to
commit identity theft.
8. Hackers?
1. Phishing Attacks:
Hackers often use phishing to deceive users into providing personal
information. This can involve sending emails or messages that appear to be
ep

from legitimate sources, tricking users into clicking malicious links or

sharing their credentials.
2. Account Takeover:
Hackers may hijack accounts and hold them for ransom, demanding
D

payment for their return. This tactic exploits the emotional investment users
have in their accounts, which often contain years of memories and
connections.
3. Spreading Scams:
Once an account is compromised, hackers can use it to spread scams to the
victim's friends and followers, further propagating their malicious activities.
4. Identity Theft:
By gathering personal information from social media profiles, hackers can
impersonate individuals, potentially leading to identity fraud.
Exploiting Weak Passwords:
Many users still utilize weak or reused passwords, making it easier for
hackers to gain unauthorized access through brute force attacks or credential
stuffing.

T
fI
to
ep
D