11 tips for social networking safety

---

By admin | 17/04/2015 | Category General

 

Social networking websites like MySpace, Facebook, Twitter, and Windows live and other social networks are services people can use to connect with others to share information like photos, videos, and personal messages.

As the popularity of these social sites grows, so do the risks of using them. Hackers, spammers, virus writers, identity thieves, and other criminals follow the traffic.

Read these tips to help protect yourself when you use social networks.

Use caution when you click links that you receive in messages from your friends on your social website. Treat links in messages on these sites as you would links in email messages

Know what you’ve posted about yourself. A common way that hackers break into financial or other accounts is by clicking the “Forgot your password?” link on the account login page. To break into your account, they search for the answers to your security questions, such as your birthday, home town, high school class, or mother’s middle name. If the site allows, make up your own password questions, and don’t draw them from material anyone could find with a quick search. (Please read the following as this maybe you?)

You wouldn’t post your credit card number on your blog.

You wouldn’t post your bank account number on your Facebook page.

You wouldn’t respond to a stranger’s e-mail request with your current address.

But, have you considered how you protect that information?

In a recent Scientific American article, How I Stole Someone’s Identity, Herbert H. Thompson describes how a casual acquaintance gave him permission to try to break into her bank account using only few facts that he knew about her, plus the information that was freely available on her blog and an online resume.

Using “forgotten password” questions, he broke in easily.

You know, those questions that you need to answer when you forget your password—your mother’s maiden name, the street you grew up on, name of your first pet.

According to several news reports, last week a hacker broke into the personal e-mail account of Republican vice presidential candidate Sarah Palin using the same technique. According to the Wired Threat Level blog, Palin’s password question was “Where did you meet your husband?” The hacker did some research and some guessing and came up with the answer – “Wasilla High.”

What I learned from these two articles is that we should be very careful when we choose those password recovery questions.

The questions are usually pretty random, but sometimes we provide the answers to the world at large on our blogs and social networking sites.

After I read this article, I checked my accounts and changed my questions.

What is screen scraping?

Screen scraping is the act of taking all the information that a person has posted on their Web site or social networking page and then using the information to break into the user’s account or to commit some other fraud involving identity theft.

Social networking Web sites such as Facebook have grown exponentially in the past few years, and it’s not uncommon for people to post personal pictures and reveal personal information about themselves. People often prefer Facebook to traditional blogs because information is usually only available to people that they choose. However, if cybercriminals gain access to your Web site or social networking page, they can use screen scraping to steal your information and can pose as you. For more information about this type of scam, please always remember Scammers really exploit Facebook friendships and other social networks.

You can use strong passwords and learn techniques to avoid social engineering scams, but the best way to prevent the negative effects of screen scraping is to minimize the amount of information that you post online.

Here are a few tips:

-Do not post anything online that you would not want made public.

– Minimize details that identify you or your whereabouts.

– Keep your account numbers, user names, and passwords secret.

Take charge of your online reputation

Chances are you already have a reputation online, even if you don’t want one. On websites across the Internet, people can find information about you.

You should be aware of your online reputation so you can protect it.

This is important for both kids and adults. Some colleges and employers check the web to learn about potential candidates, and because web content is accessible to anybody who searches for it, information can be interpreted in ways you never intended.

And online content can surface even years after it’s posted.

Monitor your online reputation

First, find out what information is already on the Internet and assess the impression it leaves on people.

Follow these tips to monitor and evaluate your online reputation:

Search your name. Begin by typing your first and last name into several popular search engines to see where you are mentioned and in what context.

Focus your search. To get more precise results, put quotation marks around your name, so that the search engine reads your name as a phrase and not as two or more unrelated words that just happen to appear in the text. If you find other people who share your name, you can eliminate many false hits by using keywords. You can add keywords that apply only to you, such as your city, your employer, or a hobby.

Search all of your names. If you have ever used a different name, if you use your middle name or initial, if you use a nickname, or if your name is frequently misspelled, search all variations to make sure you don’t miss anything important.

Expand your search. Use similar techniques to search for your telephone numbers, home address, email addresses, and personal website domain names. You should also search for your social security and credit card numbers to make sure they don’t appear anywhere online.

Target specific sites. Check online phone directories, genealogy sites, alumni sites, the websites of organizations to which you belong or donate time or money, and other sites that compile personal, professional, or contact information about people.

Read blogs. If any of your friends, family members, or coworkers have blogs or personal webpages on social networking sites, check them out to see if they are writing about you or posting pictures of you.

Sign up for alerts. Use the feature, provided by some search engines, that automatically notifies you of any new mention of your name or other personal information.

Protect your online reputation

These tips can help you manage and protect your online reputation:

Safeguard your personal information. A basic strategy to avoid identity theft and online fraud is to keep your personal information private when you go online. Be equally careful about sharing information offline, and be sure you know how organizations will use your information before you give it to them.

Use privacy settings. Most social networking and photo-sharing sites allow you to determine who can access and respond to your content. If you’re using a site that doesn’t offer privacy settings, find another site.

Don’t mix your public and private lives online. Use different email addresses for different online activities to help keep your public and private lives separate.

Choose your photos thoughtfully. Whether you’re a child or an adult, make sure potential colleges or employers can’t search the web and find photos that make you look irresponsible.

Watch your language and content. You should always assume that anyone can read anything you’ve written online.

Take action. If you find information about yourself online that is unflattering, embarrassing, or untrue, contact the website owner or administrator and ask them to remove it. Most sites have policies to deal with such requests.

Don’t trust that a message is really from who it says it’s from. Hackers can break into accounts and send messages that look like they’re from your friends, but aren’t. If you suspect that a message is fraudulent, use an alternate method to contact your friend to find out. This includes invitations to join new social networks.

To avoid giving away email addresses of your friends, do not allow social networking services to scan your email address book. When you join a new social network, you might receive an offer to enter your email address and password to find out if your contacts are on the network. The site might use this information to send email messages to everyone in your contact list or even everyone you’ve ever sent an email message to with that email address. Social networking sites should explain that they’re going to do this, but some do not.

Type the address of your social networking site directly into your browser or use your personal bookmarks

If you click a link to your site through email or another website, you might be entering your account name and password into a fake site where your personal information could be stolen.

 How to recognize a scam

 New scams seem to appear every day. We try to keep up with them in our Security Tips & Talk blog. To see the latest scams, browse through our fraud section. In addition, you can learn to recognize a scam by familiarizing yourself with some of the telltale signs.

Scams can contain the following

Alarmist messages and threats of account closures.

Promises of money for little or no effort.

Deals that sound too good to be true.

Requests to donate to a charitable organization after a disaster that has been in the news.

Bad grammar and misspellings.

Popular scams

Scams that use the Microsoft name or names of other well-known companies. These scams include fake email messages or websites that use the Microsoft name. The email message might claim that you have won a Microsoft contest, that Microsoft needs your logon information or password, or that a Microsoft representative is contacting you to help you with your computer. (These fake tech-support scams are often delivered by phone.)

Lottery scams

You might receive messages that claim that you have won the Microsoft lottery or sweepstakes. These messages might even look like they come from a Microsoft executive. There is no Microsoft Lottery. Delete the message.

These email messages are designed to engage you in a dialogue with the goal of persuading you to send them money. Once you’ve sent the money, the perpetrator will often re-contact you with a different story to convince you to pay more money to access the cash prize.

In order to access the fictitious prize, the criminal might ask you to pay a sum of money in advance to cover costs such as tax fees, courier services, United Nations clearance checks, attorney fees, and many others. The criminal often seems believable, and their methods are very creative. They use well-known company brands and personalities such as Microsoft and Bill Gates to lend credibility and authenticity to their email messages.

These email messages are designed to engage you in a dialogue with the goal of persuading you to send them money. Once you’ve sent the money, the perpetrator will often re-contact you with a different story to convince you to pay more money to access the cash prize.

Rogue security software scams

Rogue security software, also known as “scareware,” is software that appears to be beneficial from a security perspective but provides limited or no security, generates erroneous or misleading alerts, or attempts to lure you into participating in fraudulent transactions. These scams can appear in email, online advertisements, your social networking site, search engine results, or even in pop-up windows on your computer that might appear to be part of your operating system, but are not.

Get a security update, tool, or scan

• Security updates
• Complimentary antivirus, antispyware program
• Complimentary PC safety scan
• Download Malicious Software Removal Tool– Boost your malware defence– Prevent spyware
• Protect myself from scams
• – Watch out for fake virus alerts
• Protect my computer

• Email and web scams
• Avoid the fake Microsoft Lottery scam
• Avoid phishing scams
• Protect my personal information

• Protect your privacy on the Internet
• Your information on the Internet
• Take charge of your online reputation
• Create strong passwords

• Check your password
• Create strong passwords
• Protect my kids from online risks

• Help kids use social media websites
• Teach kids online security basics
• Use family safety settings

Watch out for fake virus alerts

Rogue security software, also known as “scareware,” is software that appears to be beneficial from a security perspective but provides limited or no security, generates erroneous or misleading alerts, or attempts to lure users into participating in fraudulent transactions.

How does rogue security software get on my computer?

Rogue security software designers create legitimate looking pop-up windows that advertise security update software. These windows might appear on your screen while you surf the web.

The “updates” or “alerts” in the pop-up windows call for you to take some sort of action, such as clicking to install the software, accept recommended updates, or remove unwanted viruses or spyware. When you click, the rogue security software downloads to your computer.

Rogue security software might also appear in the list of search results when you are searching for trustworthy antispyware software, so it is important to protect your computer.

What does rogue security software do?

Rogue security software might report a virus, even though your computer is actually clean. The software might also fail to report viruses when your computer is infected. Inversely, sometimes, when you download rogue security software, it will install a virus or other malicious software on your computer so that the software has something to detect.

Some rogue security software might also:

• Lure you into a fraudulent transaction (for example, upgrading to a non-existent paid version of a program).
• Use social engineering to steal your personal information.
• Install malware that can go undetected as it steals your data.
• Launch pop-up windows with false or misleading alerts.
• Slow your computer or corrupt files.
• Disable Windows updates or disable updates to legitimate antivirus software.
• Prevent you from visiting antivirus vendor websites.

Rogue security software might also attempt to spoof the Microsoft security update process. Here’s an example of rogue security software that’s disguised as a Microsoft alert but that doesn’t come from Microsoft.

Example of a warning from a rogue security program known as Antivirus XP

For more information about this threat, including analysis, prevention and recovery, see the Trojan:Win32/Antivirusxp entry in the Malware Protection centre encyclopaedia there you should find a knowledge base explaining the nature of the threat. If you are not computer savvy it is best to have your local technician look at it.

Screenshot of legitimate Microsoft Windows Security centre

To help protect yourself from rogue security software:

• Install a firewall and keep it turned on.
• Use automatic updating to keep your operating system and software up to date.
• Install antivirus and antispyware software such as Microsoft Security Essentials or any trusted virus protection software and keep it updated. If your antivirus software does not include antispyware software, you should install a separate antispyware program , Contact your local IT technician to seek advise
• Use caution when you click links in email or on social networking websites.
• Use a standard user account instead of an administrator account.
• Familiarize yourself with common phishing scams.

Scan your computer. Use your antivirus software or do a full scan with the scanner checks for and removes viruses, eliminates junk on your hard drive, and improves your PC’s performance if or once the infection is removed.

 

Check your accounts. If you think you might have entered sensitive information, such as credit card numbers or passwords into a pop-up window or at a rogue security software site, you should monitor your associated accounts.

If you suspect that your computer is infected with rogue security software that is currently not detected with Microsoft security solutions or your antivirus software your best option is to seek advice from your local IT technician

Be selective about who you accept as a friend on a social network.

Identity thieves might create fake profiles in order to get information from you.

Choose your social network carefully.

Evaluate the site that you plan to use and make sure you understand the privacy policy. Find out if the site monitors content that people post. You will be providing personal information to this website, so use the same criteria that you would to select a site where you enter your credit card.

Assume that everything you put on a social networking site is permanent.

Even if you can delete your account, anyone on the Internet can easily print photos or text or save images and videos to a computer.

Be careful about installing extras on your site.

Many social networking sites allow you to download third-party applications that let you do more with your personal page. Criminals sometimes use these applications to steal your personal information. To download and use third-party applications safely, take the same safety precautions that you take with any other program or file you download from the web.

Think twice before you use social networking sites at work

Talk to your kids about social networking Some employees have replaced the daily computer solitaire break with a daily check of Facebook, LinkedIn, Twitter, MySpace, Windows Live Spaces, or other favorite social networking site, many workplaces report.

Online social networking might be a more interactive distraction for employees than playing cards, but it’s a lot more dangerous to the health of the corporate network.

Several recent reports attest that phishing scams, viruses, spyware, and other unwanted software are spreading through social networks and into workplace networks. These outbreaks can damage computer systems and might even steal sensitive information from your company.

Some workplaces block social networking Web sites, but because these sites can also be a valuable tool at work, you still might have access.

If you do, here are some ways to use that access more safely:

Find out if your company has a policy about visiting certain Web sites using your corporate network. When you sign up for a social networking site, use your personal e-mail address, not your company e-mail address.

Use caution when you click links that you receive in messages from your friends on your social networking site. Treat links in messages on these sites as you would links in e-mail messages.

Before you click a link, make sure to read the target address. If the e-mail message appears to come from your bank, but the target address is just a meaningless series of numbers, do not click the link.

Be choosy about who you accept as a “friend” on a social network. Identity thieves may create fake profiles in order to glean information from you. This is known as (Social Engineering)

What is social engineering?

Online criminals can use sophisticated technology to try to gain access to your computer, or they can use something simpler and more insidious: social engineering.

Social engineering is a way for criminals to gain access to your computer. The purpose of social engineering is usually to secretly install spyware or other malicious software or to trick you into handing over your passwords or other sensitive financial or personal information.

Some online criminals find it easier to exploit human nature than to exploit holes in your software.

Be careful about the information you reveal about your workplace or company on your social networking site. (This is a good rule to follow for blogs too.)

 How to report a scam

You can use Microsoft tools to report a suspected scam.

• Internet Explorer. While you are on a suspicious site, click the gear icon and then point to Safety. Then click Report Unsafe Website and use the web page that is displayed to report the website.
• Hotmail. If you receive a suspicious email message that asks for personal information, click the check box next to the message in your Hotmail inbox. Click Mark as and then point to Phishing scam.
• Microsoft Office Outlook. Attach the suspicious email message to a new email message and forward it to reportphishing@antiphishing.org. To learn how to attach an email message to an email message.

What to do if you think you have been a victim of a scam

If you suspect that you’ve responded to a phishing scam with personal or financial information, take these steps to minimize any damage.

• Change the passwords or PINs on all your online accounts that you think might be compromised.
• Place a fraud alert on your credit reports. Check with your bank or financial advisor if you’re not sure how to do this.
• Contact the bank or the online merchant directly. Do not follow the link in the fraudulent email message.
• If you know of any accounts that were accessed or opened fraudulently, close those accounts.
• Routinely review your bank and credit card statements monthly for unexplained charges or inquiries that you didn’t initiate.

Tools to help you avoid scams

Microsoft offers several tools to help you avoid phishing scams when you browse the web or read your email.

Windows Internet Explorer. In Internet Explorer 8 to 10 the domain name in the address bar is emphasized with black type and the remainder of the address appears gray to make it easy to identify a website’s true identity.

The SmartScreen Filter in Internet Explorer also gives you warnings about potentially unsafe websites as you browse. For more information use the link r SmartScreen Filter: http://windows.microsoft.com/en-US/windows7/SmartScreen-Filter-frequently-asked-questions

Windows Live Hotmail. Microsoft’s free webmail program also uses SmartScreen technology to screen email. SmartScreen helps identify and separate phishing threats and other junk email from legitimate email. For more information, please use this link http://windows.microsoft.com/en-US/hotmail/security?t1=t5

Microsoft Office Outlook. The junk Email filter in Outlook 2010, Outlook 2007, and other Microsoft email programs evaluates each incoming message to see if it includes suspicious characteristics common to phishing scams.

How Junk Email filters work

The Junk Email Filter evaluates each incoming message to assess whether it might be spam, based on several factors. These can include the time when the message was sent and the content of the message. By default, the Junk Email Filter is turned on and the protection level is set to Low. This level catches only the most obvious spam. You can make the filter more aggressive by changing the level of protection that it provides.

Note The Outlook Junk Email Filter doesn’t stop delivery of junk email messages, but moves suspected spam to the Junk E-mail folder.

You can adjust the Junk Email Filter settings in the Junk E-mail Options dialog box.

On the Home tab, in the Delete group, click Junk, and then click Junk E-mail Options.

Junk E-mail folder

Any message that is suspected to be junk is moved to the Junk E-mail folder. We recommend that you periodically review the messages in the Junk E-mail folder to check for legitimate messages that were incorrectly classified as junk. If you find a message that isn’t junk, drag them back to the Inbox or to any folder. You can also mark the item as not junk by doing the following:

On the Home tab, in the Delete group, click Junk, and then click Not Junk.

Junk Email Filter Lists

While the Junk Email Filter checks your incoming messages automatically, the Junk Email Filter Lists give you more control over what is considered spam. You can add names, email addresses and domains to these lists so the Filter allows for messages from sources that you trust, or blocks messages that arrive from specific email addresses and domains that you don’t know or trust.

Safe Senders List Email addresses and domain names in the Safe Senders List are never treated as junk email, regardless of the content of the message. You can add your Contacts and other correspondents to this list. If you use a Microsoft Exchange Server account, all names and addresses in the global address list (GAL) are automatically considered safe.

Safe Recipients List If you belong to a mailing list or a distribution list, you can add the list sender to the Safe Recipients List. Messages sent to these email addresses or domain names are never treated as junk, regardless of the content of the message.

Blocked Senders List You can easily block messages from particular senders by adding their email addresses or domain names to the Blocked Senders List. When you add a name or email address to this list, Outlook moves any incoming message from that source to the Junk E-mail folder. Messages from people or domain names that appear in this list are always classified as junk, regardless of the content of the message.

Blocked Top-Level Domains List To block unwanted email messages that come from another country/region you can add country/region codes to the Blocked Top-Level Domains List. For example, selecting the CA [Canada], US [United States], and MX [Mexico] check boxes in the list would block messages from email addresses that end in .ca, .us, and .mx.

Blocked Encodings List To block unwanted email messages that appear in another character set or alphabet, you can add encodings to the Blocked Encodings List.