Safe Online Social Networking
Online social networking is the interaction with external websites or service based on participant contributions to the content. It has gained enormous popularity, especially among young people. Websites such as Facebook, Instagram, MySpace, Twitter, etc. let you communicate with friends and strangers online, and build networks of friends linked by shared hobbies and interests. If used responsibly, these sites can be a positive and beneficial resource.
Consider social networking in cyberspace the same as your network of friends in real life, but when online you are exposed to additional risks. These risks include: privacy threat, malicious content or malware, social-engineering attacks, identity theft, cyber-stalking or cyber-bullying, and online grooming. It is important to understand the potential security risks and know what precautions to take to protect yourself and your information.
Privacy Threat
Social networking sites are online communities of Internet users who want to communicate with other users about areas of mutual interest. The functionality of the various sites may differ, but in general, the sites allow you to provide personal information for everyone to see by offering various types of communication method such as chat room, instant messaging, email, forum, etc. These forms of communication also bring privacy issues by placing too much of personal information which malicious people may take advantage of you. That could lead to a dangerous situation. There is no technology that can effectively protect content once it is publicly accessible. You should learn how to protect your privacy. The followings are some good practices on privacy protection:
DO'S
Set a strong password to reduce the risk of stolen account;
Learn how to use the site’s privacy settings. Usually the default setting is to allow anyone to see your profile. You shall customise your settings to restrict access to only authorised people;
Adopt additional security measures such as enabling multi-factor authentication and login notification, if available;
Be cautious about whom you allow to contact you or how much and what type of information you share with strangers online;
Take the time to read and understand the privacy policies that are published on social networking sites. These documents may include types of information that they will reveal or disclose to other parties. Do not use the services if you have doubt or disagree with the terms;
Post only information that you are comfortable with others seeing — and knowing — about you;
Use separate email accounts for registration on a social networking site and your personal communication;
If you no longer need an account and there is private information in it, deactivation is not sufficient. You should submit a request to the official website for account deletion.
DON'TS
Do not post personal information such as your address, date of birth, personal IDs, telephone number, credit card number or information about your schedule or routine. If not necessary, do not disclose your full name;
Do not use easily guessable password or the same password for various social networking sites. Malicious people may be able to access your personal profile or pretend to be you if your password is compromised. Change your password immediately if you suspect anything goes wrong in your account;
Do not share your account and password with others;
Do not trust everything you read online especially from strangers. People may post false or misleading information even their own identities.
Malicious Content or Malware
Social networking sites are growing in popularity as attack vectors because of the volume of users and the amount of personal information that is posted. Attacker may make use of this channel to spread malicious content or malware. Attackers are able to create customised applications that appear to be legitimate while infecting your computer without your knowledge. The followings are some ideas to avoid malicious exploits:
DO'S
Install anti-malware software, enable real-time protection and keep the signature files up-to-date;
Enable spam filtering function where applicable, some of the social networking sites may provide spam control plug-ins to filter out comment spam;
Regularly look for software applications news and updates directly from the vendor’s website;
Before accepting an application, verify its safety by checking the information and reviews of it;
Regularly check the settings of applications that you used or allowed. Remove applications that you no longer need.
DON'TS
Do not post personal information such as your address, date of birth, personal IDs, telephone number, credit card number or information about your schedule or routine. If not necessary, do not disclose your full name;
Do not click on unsolicited links from stranger or sources you do not know. Nevertheless, even you are visiting pages of someone you know, always be cautious when clicking on links or photos, because links, images or other file formats may include malicious code;
Social-Engineering Attacks
Social networking sites build online communities of people with certain level of interpersonal trust. Malicious people leverage the networks of trust to explore the trust relationships of a victim by scrutinising the data of the victim unwittingly. In addition, attacks like malwares, trojans or rumours can be spread easily and rapidly with the use of some social-engineering skills. The followings are some ideas to avoid social-engineering attack:
DO'S
If the social networking site allows you to adjust how much information about you is available, for instance, by allowing only close friends to view your profile, consider using this feature;
Just keep your network to people you really do know. There is no need to add as many friends as you can. The person with the most "friends" is not necessarily the winner in social networking;
Be cautious to the links that are posted on the social networking sites. A malicious website may look very much alike to a legitimate site with only a tiny variation in spelling or a different domain (e.g., .com vs .net).
DON'TS
Do not post personal information that might be used by other sites such as credit card or bank site to verify your identity. Although some of these information may seem harmless (e.g. your pet’s name), they actually may provide rich pickings for criminals. Malicious people might be able to gather those information to impersonate you to gain access to your sensitive information;
Do not send sensitive information over the Internet before verifying a site’s validity and security, and use a secure channel if available;
Do not click on the links that appear to be sent from your friend list. It is easy for people on social networking sites to impersonate someone else, such as one of your friends or acquaintances, or to misrepresent the facts about themselves including age, gender, and intentions;
Do not trust someone you have just met online any more than you would trust a stranger encountered on the street.
Online Grooming
Online grooming is the working to gain the trust of children and youngsters, often with the goal of gaining sexual relationship, through the use of online technology such as the Internet and in particular chat rooms. The followings are some ideas to avoid being online groomed:
DO'S
Block or ignore unwanted people that you do not trust;
Keep a record of your online conversations. It will ensure you have evidence if you run into problems later;
Be cautious to people that encourage you to chat from open forum or chat room to private one;
If a situation places you in fear, consult your parents or teachers and contact the police if consider appropriate.
DON'TS
Do not give out any personal information about yourself, such as gender and age, to people that you do not know;
Do not respond to any conversations that focus on age inappropriate content;
Do not meet face-to-face with online acquaintances that you do not know well. Be aware that information people post about themselves on the Internet may not be true. Going alone to meet strangers can be dangerous. If you choose to meet, do so in a public place and take along a friend that you can trust;
Do not respond to any opportunities offered by strangers such as quick money, modeling etc.
Some Other Tips
Do not participate in doxxing acts, for example, publishing or re-posting any message that appears to be related to doxxing on the Internet or social media.
Be aware that you may be held responsible for any inappropriate content you posted;
Keep a balance of your time spending on social networking and do not become addicted to such activities;
Respect other people’s content and be aware that if you post or share their content, it might breach copyright laws;
Social networking sites are becoming a prime platform for identity fraudsters. Perpetrators could use widespread e-mail chains and spamming to commit an Internet fraud. You have to learn how to recognise an
Internet fraud.
