Satan is on my Friends List

“If you put information on a social networking site, assume it’s not private”, said Hamiel. “If you give your credit card to Facebook, you deserve to fail”, added Moyer.

Social networking sites are an ideal target for cyber-criminals. With millions of users (Facebook is now in the top 10 most visited sites daily), there are plenty of users to target.

“Applications are social networks’ biggest problems”, Moyer argued. “By adding an application, you allow the owner of the application to access all of your profile information. They can then keep your information offline, and can hang on to it”.

Hamiel added that social networking applications are coded by people “who really shouldn’t be coding”.

Adding applications can also reveal a lot about a person, which can be used for marketing purposes.

“Social engineering on social networks is diamond-tipped spear-phishing. It gives great ROI for targeted attacks”.

Profiling well-known people is trivial on social networking sites, as Moyer and Hamiel proved when experimenting with a well-known person within the industry. With his permission, they set up a profile and, to add legitimacy, invited others within the industry to be his ‘friend’. Within twenty-four hours, many CSOs, CISOs, CISSPs, a journalist on a well-known security publication, and even his own sister had accepted his friend request.

This serves to prove that even the infosec savvy can be fooled.
