Advice for safer access to Facebook, Twitter, and other social networking sites

According to F-Secure, the veteran IT security vendor, this was illustrated by last week's widely reported distributed denial of service (DDoS) attack on Twitter, Facebook, and other sites.

Mikko Hypponen, F-Secure's chief research officer, said that, although this attack was targeted at a specific person, it affected the whole social networking community.

"We may never know who was behind the Cyxymu attack; however, they had access to significant bandwidth", he said.

Hypponen added that communication through Facebook is all about personal connections and communities of friends. It involves a high level of trust, he said.

"When you receive a message on your wall from one of your Facebook friends, it's very different to receiving an anonymous email or spam message", he said.

"It is precisely this trusted environment - and the 250 million users - that makes Facebook such a tempting target for criminals", he added.

According to Hypponen, phishing and financial scams are based on creating a false sense of trust with the target of the attack, enabling the criminals to gain access to valuable information or direct financial gain.

Sean Sullivan, a security advisor at F-Secure, said that weak passwords provide a common way for criminals to hack into social networking sites such as Facebook and Twitter.

Their aim, he explained, is to harvest contact lists, phone numbers and other information which they can sell to spammers or use in targeted attacks to make money.

"The damage caused by a hacked Facebook account is all the greater if the same password is also used for the user's email account", he said.

"This means the criminals can easily reset all the user's online passwords, get information about banking details and find answers to security challenge questions. Sometimes the answers to personal security questions, for example middle names, house addresses and pets' names, can even be found directly on Facebook", he added.

Sullivan went on to say that, in many cases, Facebook users use the same password for Facebook as for their email accounts.

Because of this, he said it is essential that different passwords are used for logging into personal email accounts and for logging into Facebook, Twitter, and other social networking sites.

"It's also a good idea to have different primary email, business email and social network email accounts", he added.

Sullivan said that this year there has been a series of bogus messages on Facebook from 'friends' asking for financial help.

Because of this, he advised that Facebook users should always treat such requests with caution and make a thorough identity check before sending any money, even when the messages appear to come from a family member or other trusted person.

"There is also a positive security aspect to the social networking sites. Unlike classic email scams like chain letters which can run for years, the wisdom of the networked Facebook crowd means that users can quickly become aware of the latest security threats", he said.

"The community is good for publicising useful security information and for taking rapid self-corrective action against security vulnerabilities", he added.

F-Secure's tips for safer social networking:

  • ALWAYS have separate and secure passwords for your email and social networking sites.
  • If you become aware of a Facebook security problem, post about it on your Wall so the community can take preventive action.
  • Pick your friends wisely and have a security guru among your friends!
  • If you are on Facebook, use the F-Secure page to get the latest news.
