October 27, 2015

Cyber Tip: Social Media and the Use of Personal Information

National Cyber Security Awareness Month

A logo box for National Cyber Security Awareness Month

The myriad of social networking websites currently available have hundreds of millions of registered users. But just like any kind of cyberspace communication, using social media can involve some risk.

Once a user posts information to a social networking site, that information can no longer be considered private and can be used for criminal purposes. Even if you use the highest security settings on your account, others may—intentionally or not—leak your information. And once in the hands of criminals, this personal information can be used to conduct all kinds of cyber attacks against you or your family members, friends, or business associates in an effort to obtain additional and even more sensitive personal information.

For example, cyber criminals often craft very convincing spear phishing campaigns leveraging information found on social media to obtain more sensitive personal information. Spear phishers target select groups of people with something in common—i.e., they work at the same company, bank at the same financial institution, attend the same college, or order merchandise from the same website. Authentic-looking e-mails are sent to potential victims—ostensibly from organizations or individuals they would normally get e-mails from—asking the recipients to click on embedded links in the e-mail. These links lead to official-looking websites, where victims are asked, for a variety of urgent and legitimate-sounding reasons, to input personal information like passwords, account numbers, user IDs, and PINs. The result? Criminals can get hold of your banking credentials and credit cards numbers, download malware onto your computer, gain access to sensitive company data, and/or hijack your computer for other nefarious purposes.

Criminals who troll social networking sites looking for information or people to target for exploitation run the gamut—from sexual predators, hackers, and financial fraudsters to business competitors and foreign state actors.

There are several ways you can minimize the risks associated with posting information on social networking sites and the subsequent theft of more sensitive data, from using two-factor authentication and monitoring your children’s use of the Internet to never clicking on a link embedded in a social media message or e-mail. View additional tips and information.