When it comes to social networking, it’s not what you know, or even who you know, it’s who knows you. And that’s pretty much where the trouble starts.
Social networks like Facebook, Twitter, MySpace, and LinkedIn are increasingly popular community services designed to help people stay in touch. According to Nielsen Company research, more than two-thirds of the world’s Internet population visit social networking sites at least once a month, and nearly 10 percent of all time spent online is devoted to social networking.
With growth this fast, a reach this large, and a community of relatively undisciplined users, social networks are attracting scammers and criminals. The bulk of social networkers are between the ages of 18 and 49 — prime employment years, and ages where a mistake today could haunt the networker for many years into the future.
Employment. Saying the wrong thing online can lead to career suicide, especially since employers and prospective employers are likely to see what you say. There are also liability issues if you say something about an employer. Someone who might be in litigation with your company could use your statements against it.
Reputation. Something you say now could haunt you for years into the future. People have been known to post the most inappropriate things, which then stick with them for years. Imagine dating someone and having them do a Google search and the first thing they find is the day you got dumped. You posted about how much you hate the opposite sex. Or something you did that was borderline illegal.
If you want a big job, sometime in the future, these posts could keep you out of the game. I wonder, will a log of Twitter or Facebook postings provide future “pal-ing around with terrorists” albatrosses for candidates in 2012 and beyond?
Malware. Malware, phishing, and identity scams can cause you serious financial loss. Posting personally identifiable information helps criminals build a profile of you, with enough awareness of your friends, interests, and habits that they can pose as someone you know and con you out of way too much money.
If you have ever received an E-mail claiming to be from your E-mail provider and saying it will delete all of your E-mail unless you “take action” by sending your user name and password, it’s a scam. Even if it weren’t, which would be worse: losing all your E-mail, or letting some criminal have access to your E-mail identity and then retrieve passwords to your banking system? But no legitimate provider will ever, ever, ever ask you for your user name and password. Ever.
Even if you use good security software, such as Norton, and keep it updated, you are still vulnerable to attack, and that’s something scary. Much of the security source code for our anti-virus and anti-malware products has been provided to nation states like China as a condition of being allowed to sell into their country. Of course, those countries are often the ones that do the online scamming and penetration, so it’s kind of like hanging your house key on a ribbon on your front door.
One of the most common scams is called phishing, where a criminal organization tries to fool you into thinking you are on your bank’s website when, in fact, you’re typing everything they need to suck you dry into a clone that looks identical. There’s a form of phishing called “spear phishing,” where criminals target specific individuals by gathering lots of detailed information and using that in the scam.
Don’t give out personally identifiable information and don’t go to your bank’s website from an E-mail or Facebook posting. Keep updating virus definitions and keep paying attention to the security space as more and more information is known. This is an arms race and as the good guys develop protections, the bad guys develop penetrations, and so on.
Physical security and stalking. Social networks give stalkers and other scary people an almost minute-by-minute update on your habits and haunts. Even thinking about that is scary.
The potential for horror is enormous. If a criminal can easily find out where you are, what stores you frequent, what your daily habits are, who your friends are, and even what your personal food, entertainment, and beverage preferences are, you can be targeted with a level of ease never before possible.
I strongly recommend being somewhat circumspect with your movements. If you want to tell people you’re going to a restaurant, it’s perfectly fine to tweet “I’m going to the restaurant.” But don’t specify which one. There’s no good reason to be that public about your movements.
Remember, Twitter and Facebook aren’t relations just between you and your friends. Everyone can see what you say.
Imagine if you’ve got a jilted boyfriend or someone who’s been stalking you. Back before I was married, I dated my share of wackos and had one or two scary stalking situations. Now, I’m a big guy and can handle just about anything, but if you’re not able to protect yourself, letting someone who’s out to do you harm know exactly where you are is dangerous.
Even letting people know where you’ve been can be an issue if a habit profile can be derived. Better safe than sorry. Besides, how many people really need to know what you had for lunch today?
The short answer on protecting yourself comes down to these two rules: think before you post, and don’t post personally identifiable information like addresses, phone numbers, and especially birthdays.
Harmless friends? I think the term “friend” in Facebook is a real problem because somewhere, deep down in our animal brain, once we hear “friend,” we think the people on the list are people to trust. I’d far prefer that Facebook use the term “contact” or “connection” or even “people I know.” Also, now that people “friend” me, I have to think about which of these people I want to have it known are my friends.
I wrote in FrontLine Security that I don’t use Facebook all that much, but generally have allowed fans to “friend” me because it just seemed polite to honor their enthusiasm for my work.
But when I looked at one fan who asked to friend me — who happened to be from Europe — I noticed that his Facebook page said he was a member of the Communist Party. I work with homeland security, law enforcement, and am part of a special FBI program. The last thing I want is a friend who is a Communist.
I had another instance of a fan whom I’d allowed to friend me who suddenly sent me an invitation to attend his birthday party, where (and this was obviously a joke) “turning 27 means party hats, heroin, and dead hookers.” Even in jest, I can’t have someone who says stuff like that as a friend or even a “friend.”
In both cases, I didn’t know these people.
There are a bunch of other risk areas, but I really think the questions asked like “What’s on your mind?” and “What are you doing?” can be the most risky. It’s certainly never, ever a good idea for me to share what’s actually on my mind. Although, sadly, if you really were able to look inside my head, you’d probably see a mix of images of my wife, big, juicy steaks, chocolate, and the latest PlayStation games.
Staying safe. It’s really pretty simple. Be smart. If you wouldn’t run naked through your local town hall or library, you probably shouldn’t do the verbal equivalent online.
Be a little paranoid. If you wouldn’t give your car keys to every stranger you encounter, don’t give your passwords out to every E-mail you get. If you wouldn’t bring someone’s can full of rotting garbage into your home just because they asked, don’t open attachments or run programs just because someone asks you.
As Ronald Reagan once said, “Trust, but verify.” Keep an open mind, but don’t let an open mind also be an open wallet or open computer.
A native of Fair Lawn, Gewirtz earned his bachelor’s in computer science at Worcester Polytechnic in Massachusetts in 1982.
He was in the Ph.D. program in computer science at Berkeley before leaving to be a middle manager at a Silicon Valley startup, Pyramid Technologies, and then went to Living Videotext, owned by Symantec.
Gewirtz wrote articles and books on the potential of digital commerce as early as 1992 and was featured in U.S. 1 in April 1993, after he started two companies in Princeton — Component Software and Product Power.
Gewirtz is the editor-in-chief of ZATZ Publishing, originally based on Route 206 in Skillman and now in Florida. He publishes five online magazines dedicated to digital technologies and 14 guides to various computer issues.
Gewirtz can be reached via E-mail at firstname.lastname@example.org.