Accessibility Links

Accessibility Links

Infosec
English 繁體版 简体版

Navigation Menu 1

General UsersYoungsters & StudentsParents and TeachersIT ProfessionalsSME
FAQ Search :
Change text size: Text Size: Default Size (A) Text Size: Larger (A) Text Size: Largest (A)
general user youngsters and students parents and teachers IT professionals sme

Navigation Menu 2

 

  

 
 

Safe Online Social Networking

Online social networking is the interaction with external websites or service based on participant contributions to the content. It has gained enormous popularity, especially among young people. Websites such as Facebook, Instagram, MySpace, Twitter, etc. let you communicate with friends and strangers online, and build networks of friends linked by shared hobbies and interests. If used responsibly, these sites can be a positive and beneficial resource.

Consider social networking in cyberspace the same as your network of friends in real life, but when online you are exposed to additional risks. These risks include: privacy threat, malicious content or malware, social-engineering attacks, identity theft, cyber-stalking or cyber-bullying, and online grooming. It is important to understand the potential security risks and know what precautions to take to protect yourself and your information.

1.

Privacy Threat

   
 

Social networking sites are online communities of Internet users who want to communicate with other users about areas of mutual interest. The functionality of the various sites may differ, but in general, the sites allow you to provide personal information for everyone to see by offering various types of communication method such as chat room, instant messaging, email, forum, etc. These forms of communication also bring privacy issues by placing too much of personal information which malicious people may take advantage of you. That could lead to a dangerous situation. There is no technology that can effectively protect content once it is publicly accessible. You should learn how to protect your privacy. The followings are some good practices on privacy protection:

  • DOs:

    • Set a strong password to reduce the risk of stolen account;
    • Learn how to use the site’s privacy settings. Usually the default setting is to allow anyone to see your profile. You shall customise your settings to restrict access to only authorised people;
    • Adopt additional security measures such as enabling multi-factor authentication and login notification, if available;
    • Be cautious about whom you allow to contact you or how much and what type of information you share with strangers online;
    • Take the time to read and understand the privacy policies that are published on social networking sites. These documents may include types of information that they will reveal or disclose to other parties. Do not use the services if you have doubt or disagree with the terms;
    • Post only information that you are comfortable with others seeing — and knowing — about you;
    • Use separate email accounts for registration on a social networking site and your personal communication;
    • If you no longer need an account and there is private information in it, deactivation is not sufficient. You should submit a request to the official website for account deletion.

  • DON’Ts:

    • Do not post personal information such as your address, date of birth, personal IDs, telephone number, credit card number or information about your schedule or routine. If not necessary, do not disclose your full name;
    • Do not use easily guessable password or the same password for various social networking sites. Malicious people may be able to access your personal profile or pretend to be you if your password is compromised. Change your password immediately if you suspect anything goes wrong in your account;
    • Do not share your account and password with others;
    • Do not trust everything you read online especially from strangers. People may post false or misleading information even their own identities.

   

2.

Malicious Content or Malware

   
 

Social networking sites are growing in popularity as attack vectors because of the volume of users and the amount of personal information that is posted. Attacker may make use of this channel to spread malicious content or malware. Attackers are able to create customised applications that appear to be legitimate while infecting your computer without your knowledge. The followings are some ideas to avoid malicious exploits:

  • DOs:

    • Install anti-malware software, enable real-time protection and keep the signature files up-to-date;
    • Enable spam filtering function where applicable, some of the social networking sites may provide spam control plug-ins to filter out comment spam;
    • Regularly look for software applications news and updates directly from the vendor’s website;
    • Before accepting an application, verify its safety by checking the information and reviews of it;
    • Regularly check the settings of applications that you used or allowed. Remove applications that you no longer need.

  • DON’Ts:

    • Do not click on unsolicited links from stranger or sources you do not know. Nevertheless, even you are visiting pages of someone you know, always be cautious when clicking on links or photos, because links, images or other file formats may include malicious code;
    • Do not accept to download and install applications or plugs-ins that you do not know well.

   

3.

Social-Engineering Attacks

   
 

Social networking sites build online communities of people with certain level of interpersonal trust. Malicious people leverage the networks of trust to explore the trust relationships of a victim by scrutinising the data of the victim unwittingly. In addition, attacks like malwares, trojans or rumours can be spread easily and rapidly with the use of some social-engineering skills. The followings are some ideas to avoid social-engineering attack:

  • DOs:

    • If the social networking site allows you to adjust how much information about you is available, for instance, by allowing only close friends to view your profile, consider using this feature;
    • Just keep your network to people you really do know. There is no need to add as many friends as you can. The person with the most "friends" is not necessarily the winner in social networking;
    • Be cautious to the links that are posted on the social networking sites. A malicious website may look very much alike to a legitimate site with only a tiny variation in spelling or a different domain (e.g., .com vs .net).

  • DON’Ts:

    • Do not post personal information that might be used by other sites such as credit card or bank site to verify your identity. Although some of these information may seem harmless (e.g. your pet’s name), they actually may provide rich pickings for criminals. Malicious people might be able to gather those information to impersonate you to gain access to your sensitive information;
    • Do not send sensitive information over the Internet before verifying a site’s validity and security, and use a secure channel if available;
    • Do not click on the links that appear to be sent from your friend list. It is easy for people on social networking sites to impersonate someone else, such as one of your friends or acquaintances, or to misrepresent the facts about themselves including age, gender, and intentions;
    • Do not trust someone you have just met online any more than you would trust a stranger encountered on the street.

   

4.

Identity Theft

   
 

Identity theft is a form of fraud in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name. Social networking sites typically do not authenticate new members. The people you meet on a site may not be who they claim to be. Malicious people may impersonate celebrities, corporations, government officials, etc. to persuade users to visit these fake profile pages to their advantage. They may also steal your personal information to masquerade as you online. The followings are some ideas to avoid being a victim of identity theft:

  • DOs:

    • Be judicious when accepting a friend’s request, following a friend, or joining a group;
    • Check the authenticity of the account by all means to ensure you know who you are connecting with;
    • Report to the service provider or related authorities if suspect any fake user profile;
    • Regularly check your account to identify any suspicious activity;
    • Report to the service provider and police if you suspect your personal account is hijacked or being impersonated by others.

  • DON’Ts:

    • Do not try to impersonate other people;
    • Do not rush to accept invitation from someone seems you know;
    • Do not give out your personal information unless you know whom you contact is the genuine user.

   

5.

Cyber-stalking or Cyber-bullying

   
 

Cyber-stalking or cyber-bullying is a situation when someone is repeatedly tormented, threatened, harassed, humiliated, embarrassed or otherwise targeted by another person using text messaging, email, instant messaging or any other type of digital technology. Cyber-stalking or cyber-bullying is unwelcome behaviour that is intrusive and unnerving for the victim. Cyber-stalkers or cyber-bullies often will monitor the victim's online activities and attempt to gather more information about their victims. Be aware that your Internet activity always leaves a trail -- and one far more traceable than you might imagine. The followings are some ideas to avoid being cyber-stalked and cyber-bullied:

  • DOs:

    • Post only information that you are comfortable with others seeing — and knowing — about you;
    • Block or ignore unwanted people that you do not trust;
    • Keep a detailed account of all the stalkers or bullies activities;
    • If a situation places you in fear, consult someone you trust and contact the police if consider appropriate;
    • Use separate email accounts for registration on a social networking site and your personal communication;
    • Create different user lists and allow only authorised users to view your online status. Log out the systems if a situation online that has become hostile.

  • DON’Ts:

    • Do not post anything which could be used to embarrass you;
    • Do not share personal information, in public spaces anywhere online, nor give it to strangers, including in email or chat rooms;
    • Do not post personal information as part of any user profiles;
    • Do not respond to online provocation;
    • Do not confront the stalker, this could only arouses more anger or emotional attacks;
    • Do not respond to cyber-bullies, as this may usually encourage more bullying messages being received.

   

6.

Online Grooming

   
 

Online grooming is the working to gain the trust of children and youngsters, often with the goal of gaining sexual relationship, through the use of online technology such as the Internet and in particular chat rooms. The followings are some ideas to avoid being online groomed:

  • DOs:

    • Block or ignore unwanted people that you do not trust;
    • Keep a record of your online conversations. It will ensure you have evidence if you run into problems later;
    • Be cautious to people that encourage you to chat from open forum or chat room to private one;
    • If a situation places you in fear, consult your parents or teachers and contact the police if consider appropriate.

  • DON’Ts:

    • Do not give out any personal information about yourself, such as gender and age, to people that you do not know;
    • Do not respond to any conversations that focus on age inappropriate content;
    • Do not meet face-to-face with online acquaintances that you do not know well. Be aware that information people post about themselves on the Internet may not be true. Going alone to meet strangers can be dangerous. If you choose to meet, do so in a public place and take along a friend that you can trust;
    • Do not respond to any opportunities offered by strangers such as quick money, modeling etc.

   

7.

Some Other Tips

   
 
  • Be aware that you may be held responsible for any inappropriate content you posted;
  • Keep a balance of your time spending on social networking and do not become addicted to such activities;
  • Respect other people’s content and be aware that if you post or share their content it might breach copyright laws;
  • Phishing is a common vehicle of crimes in social networking communities: Learn how to protect yourself from phishing attacks;
  • Social networking sites are becoming a prime target for identity fraudsters. Perpetrators could use widespread e-mail chains and spamming to commit Internet fraud. You have to learn how to recognise an Internet fraud.

 
 
     
Back back to topTop
 

Footer Menu

Sitemap | Contact Us | Privacy Policy | Important Notices
 
General Users Youngsters & Students Parents & Teachers IT Professionals SME