Social networking sites have morphed into a mainstream medium, which enable people to exchange information about themselves, share pictures and videos, and use blogs and private messaging to communicate with the world-at-large. But there’s a downside.
Online social networking may not be as safe as you think.
Putting your pets’ or kids’ names and personal photos or other identifying information on Facebook, LinkedIn or other social networking sites may actually invite easy access to your passwords or security question answers. Including such identifying information can also expose you to a phishing scam, a scam in which someone electronically attempts to gain access to your sensitive information, such as usernames, passwords, credit card details, etc, by masquerading as a trustworthy source, such as through a friend’s e-mail address. The potential for security breaches lurks with every keystroke.
Fudge your Security Answers
“Be wary of sites that provide password recovery using easily discoverable public information,” says Adam Pash, editor of Lifehacker, a software and Internet weblog. If you can't avoid using a site that employs common security questions, Pash suggests you obscure the answer by placing words or numbers before or after them. For example, if your mother's maiden name is Smith, simply throw an adjective in front of it, like Amazing Smith. It's not foolproof, but it could stop criminals from hacking your account by finding a little personal information about you through a simple search on Google.
“It is important to have a strong password for any account where you store personal or financial information or anything else of value to you – including your e-mail accounts, social network accounts and financial accounts,” says Lorrie Cranor, PhD, associate professor of computer science and engineering and public policy and director of CyLab Usable Privacy and Security Laboratory at Carnegie Mellon University in Pittsburgh, Pa. Strong passwords typically include at least six characters and use numbers, letters and symbols. To check the strength of your passwords, use Microsoft’s password checker.
For sites where you haven't provided any personal information, it’s not necessary to use a strong password. It’s also wise not to use the same password on these “low security” sites that you used to protect more sensitive information on others sites. Instead, pick an easy-to-remember password for all your "low security" sites.
Guard Against Phishing
Social networkers should look closely at electronic messages they receive to distinguish between legitimate senders and a phishing scam. Scammers phish by luring people into malicious copy-cat Web sites to try to “catch” personal information. Phishing is now cropping up on these sites the same way it did at banking and credit card portals.
If a friend wouldn’t normally send a link that simply says, “Check This Out,” via Facebook or Twitter, it’s probably not really from them. Watch out for unusual links and read them closely before clicking. And whenever you log into any social networking page, just like your banking site or credit card issuer, make sure you’re really there and haven’t been phished. If in doubt, don’t fall prey to the bait. Enter the site in your Web browser yourself rather than clicking a link from an e-mail message, status update or wall post. This can help prevent the scammer from gaining direct access to sensitive information that may be on the account your clicking from
Use Real Time Updates With Caution
It’s also not a good idea to tweet that you're away on vacation – lest someone decides it’s the opportune time to rob your home. Since Twitter is almost a real-time gauge of what a person's doing, tweeting that you're going for a walk or heading to the grocery or any other personal information could compromise your safety.
“Often it’s a question of how comfortable you are making information available and how diligently you monitor the privacy settings of the sites you use,” says Pash. Most sites are jam-packed with privacy settings you can adjust to fit your level of comfort sharing information online. Stick with these tips when social networking:
- Whenever posting anything on the Internet, consider both your privacy and your security.
- If your information is freely available, ask yourself what effect it may have on potential employers, family members and even your kids.
- At the most basic, you can set your Facebook privacy levels so that no one who isn't your friend can see anything you post.
- Twitter allows you to keep your tweets private, prevent them from turning up in search engines, and block those you don’t want following you.
- Your MySpace profile and photos are public so never post anything that would embarrass you later or compromise your security. Be careful about adding strangers to your friends list. People are not always who they claim to be.
- LinkedIn allows you to display only your first name and last initial, control your public profile and only allow invitations from an approved contacts list.