Skip main navigation

Security on Social Media

In this video, you will learn the ways in which social media can be a cybersecurity risk and the types of information that can be collected.
5.9
In this video, we’re going to talk about why you need be careful about what you’re posting and how data leaks can be used against you. So we tend to have a lot of different social media accounts, Facebook, Instagram, Twitter, LinkedIn, Pinterest, YouTube, and whatnot. And what we need to consider is, what type of things are we posting on these different social media avenues? Well, typically, we post things like photos, calendars, vacation photos, things that we like and don’t like. And we even communicate private messages to one another. So these happen to also be the things that a malicious hacker is going to search for during the reconnaissance phase of hacking, also known as OSINT, or open source intelligence.
50.1
So what are the type of things that hackers are typically looking for? Well, they’re scanning your Facebook account and other social media accounts for different dates. They want to see when you’re on a vacation, when you’re working, and other critical times and dates. Photos, they’re taking a look at your photos. They want to take a look at what type of information they could find in your photos, things like, did you take a picture of your desk and you happen to have a password written on a Post-it note. You might think that’s kind of funny, but it really does happen sometimes.
79.9
Locations, a malicious person might be able determine where you are based on the photo, things that are in the photo. Things like geolocation. If your photo’s geotagged, they might be able to find out where you’re at and when, and other odd information from those photos. Friends and family, they want to know who your friends are. Who you’re following. Who’s following you. Who you’re related to. Personal information, things like what school did you go to? Where did you work? And other information about you. They also want to take a look at what you like and dislike on social media. Basically, building a profile on you. So you might think, “What’s the big deal about this?
122.5
What can people do with this information that they’re finding?” Well, impersonation. By collecting information that’s publicly available, a malicious hacker can use that information to impersonate you. So find out your likes, dislikes, family members, where you’re working and that. So we can definitely take that information and start posing as you. Well, they could take that information pose as you during a phishing or spear phishing campaign. Either they could have used that information to pose as you to try to hijack someone else in your company, your friends, your family. Or they might use that against you directly. By collecting information that’s publicly available, they might take the information to send you a spear phishing email.
165.2
Theft by viewing when you post when you’re at work or vacation. A thief can use an information to break into your house, your business, or whatnot. And this actually has happened before. Stalking, so sadly, oversharing information or sharing personal information about you can help people stalk you. So what are the type of things we could do to mitigate this? Well, privacy options. One of the best things you could do is set your privacy option. You want to check your privacy options. See what information is being shared publicly and lock that down. Now, you want to do this often because things like Facebook tend to change your privacy options quite a bit.
203.9
And you might be secure one weekend, and next week or next month, they may have changed their policy again and left you open again. So you do want to periodically revisit your privacy options. Sharing, be careful what you share publicly. Also be careful what people are sharing about you. Just because you have good privacy settings, doesn’t mean whoever you’re sharing information with has those same types of security settings in place. Photos, be mindful of the type of photos you’re using and posting. What things you could find in those photos, geolocation, and whatnot. Calendars, never post your public calendar. Things like your vacation, especially if you’re on vacation still, don’t post information about, “Hey, I’m in Hawaii right now”.
254
Don’t do that, because people will know that you’re away from home, away from work. Family tree, keep your family tree private. Family tree can be used for gathering information. I’ve actually seen this quite a bit where someone will take a look at the family tree and they’ll take a look at who’s related to who. They’ll find the oldest relatives, pose as a grandkid, pose as a nephew or niece. And then call and say something like they’re locked in a Mexico prison or whatnot and they need them to send money so they can get out. It’s pretty horrific. But this family trees can be used for that avenue and purpose.
293.3
So you might think, “OK, well, yeah, I had some stuff but I deleted it. Big deal.” Well, the problem with that is, the old adage that if it’s on the internet, it’s always on the internet. Let’s take a look at a website called the Wayback Machine. So the Wayback Machine is also known as the Internet Archive. And what this does is it archives the internet. So right now, they have roughly 424 billion web pages saved over time. And the way this works is you go to the website, you type in a URL. And then you can see different snapshots of the website. So yahoo.com, they go all the way back to 1997, or actually earlier than that.
333.2
So we choose 2001. We’ll go to May. And I think we’ll do May 10th. And we’ll take a look at 206. So if we click on any one of these dates, we can go back in time. Take a look at what that website looked like at one point. So this is what Yahoo looked like back in 2001, May. So as you see, if you posted something on one point, you delete it out. If it got archived on say a website like the Wayback Machine, someone could actually go back and still look at that post even though it’s deleted.
371
Even if you posted information 18 years ago, 19 years ago, it’s potentially still archived somewhere for someone to actually get that information from. So you do need to be careful always about what you’re posting. So this was about why you need to be careful about what you’re posting on social media. In the next video, we’re going to talk about why social engineering can be used in online quizzes. Thank you for watching. I’ll see you in the next video.

In this video, you will learn the ways in which social media can be a cybersecurity risk and the types of information that can be collected.

After you’ve watched the video, read through the following recap on what hackers look for on your social media.

Hackers look for the following information.

  • Dates: your birthday, when you’re on holiday/vacation or at work
  • Photos/videos: items/people in the media can give away important information
  • Friends and family: who you follow, who your family are, who your friends are
  • Personal information: schools you went to, where you work
  • Likes and dislikes: this can relate to a variety of things and provides information that can be used in multiple ways

Over to you: Update your security settings on your accounts.

This article is from the free online

Cyber Security Foundations: Why Cyber Security is Important

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education