FBI Counterintelligence releases Social Networking Risks Report
New FBI report details high risk methods of social networking deception used by so called hackers to gain personal information for the purpose of defrauding the unsuspecting user.
The FBI Counterintelligence
report titled, "Internet Social Networking Risks" began by stating social networks have revolutionized how people communicate immediately followed by what the FBI Counterintelligence considers to be the two major strategies used by criminals and "dishonesty actors".
The first strategy involves the hacking of computer code in order to gain access to user computers and phones. The second strategy used is referred to as social hacking or "social engineers". It is the process of exploiting personal connections and manipulation through personal interaction.
"Humans are the weak link in cyber security."
Hackers are aware humans are the greatest risk to their own on-line security and set out to take advantage of this fact in order to slip past security walls. The hackers design their traps to appear to be harmless and above aboard.
The report goes on to say social networks which are by definition Internet-based services, allowing users to share information and at times they unwittingly practice "over-sharing." It stands to reason the more information shared the greater the risk in spite of high security settings offered by the social networking site. Predators looking to steal account information, hackers, and even business computers troll social networking sites looking for any sign of an information leak which would allow them to exploit. Furthermore, information obtained by trolling these sites may be used later to tailor a specific attack against a person or business.
The report gives some specific examples of misleading and deceptive tactics used by these less than honest attackers. The first being what is called "Baiting"
which is a preloaded malware virus onto a USB stick or portable media. When you use the stick/media, the malware is launched and would allow the hacker to infiltrate your system. Safeguard solution:
Virus scan all portable media before using it.
The next tactic described in the report is called "Click-jacking"
which is the method of hiding hyper-links under legitimate buttons. The hyper-links when used trigger either a malware download or sends your ID to a nefarious site. An example of this would be either a "like" button often used on social networking sites or "share." Possible Safeguard solution:
Disable scripting (which is a type of web programming allowing interaction to be built between the web page and the user) and I-frame in web browsers.
Another disastrous method used is called "Doxing."
This is when a hacker releases all private information about a person to the public such as full name, birthday, address, and so on gained from over-informed social network profile pages. Safeguard solution:
Start by not releasing detailed information onto social networks and using security measures offered by social networking sites.
The FBI report goes on to include "Elicitation."
The method of gaining personal information through casual conversations, over a social networking site, without giving the person any indication they are being farmed for information. Elicitation is also called social engineering. Safeguard solution:
Be aware of situations where a person on the other end of a conversation may be asking too many personal or intrusive questions about you and your life.
The next example is one of the most predominate methods used; it's called "Pharming."
The redirecting users from real websites to bogus ones. For the purpose of retrieving personal information about the user. An example, would be on-line banking. Safeguard solution:
Watch the spelling of URL's and domain names or use the .com tags. It is suggested the user type out the site address rather than clicking a link button.
The next method called "Phishing"
works hand in hand with the previous example. Phishing is the means of producing or replacing a legitimate electronic communication such as an email with a false one looking and acting like the real one. These look alike communications often can be in a link to or file of malware. Phishing by itself looks to trick to any general victim. Where Spare Phishing targets one particular person. Safeguard solution:
Don't open any emails or email attachments from people or addresses you do not know. If you happen to receive an email from someone you do know and are suspicious; don't be afraid to ask the person about it.
is another more common method of deceiving an unsuspecting user. Spoofing is the practices of hiding ones identity or using a fake one. An example of this would be email spoofing where the hacker uses a fake email in place of a genuine one to get access to the user's information. A spin on this method is what is called IP Spoofing. As with email spoofing, the hacker hides his IP address from being tracked allowing him or her to carry out their deeds without fear of being caught. An IP address is just like a postal address for your house, but an IP address is for your computer. Every computer has one of these if the user is on the Internet network, and each one is unique. Safeguard solution
: Vigilance is the greater defense, spoofing is a hard attack to nail down. Be sure to question the authenticity of unsolicited emails.
The FBI report goes on to explain some common sense ways to help protect against attacks and identity thefts using what the FBI calls Defense in Depth suggesting multi-layers of security. For example, an up-to-date firewall and anti-virus, malware protection and the use of an intrusion detection program which alerts the user when someone or a piece of software is trying to make unauthorized changes to your system or network. Change passwords often and don't use passwords from your life, and don't re-use passwords. The report also offered some useful links to help educate you and your family on the best practices of staying safe while surfing social networks on the web.