Social Media Exploitation: How social media makes you an easy target

Facebook, Instagram, Twitter, Flickr, Tumblr, LinkedIn, etc (the list could go on and on) are all well-known social networking sites.  They have all become popular communications media for the vast majority of people.  Take a minute to think about what some of these sites might say or what information they might have about you.

Got it?

Now think about that information and if someone with malicious intent might be able to use it against you. Below is a quick list I created concerning typical information from these sites:

 • Name
 • Relationship status
 • Job Title
 • Employer
 • Interests
 • Friends
 • Family
 • Political Views
 • Age
 • Race
 • Religion
 • Where and how you spend your free time
 • Places you’ve been

All of the items listed above could be used to create a profile and potentially exploit you or a loved one.  When I say exploit, I mean someone looking to harm you could use that information in a phishing email, letter, phone call and so on, or even to find or stalk you. Think about those targeted junk emails or advertisement phone calls you may have received that are specific to something about you. They could have taken that information from a public social media site. Kind of a scary thought, isn’t it?


You might be asking yourself, “Why is someone trying to scare me about using social media?” An average social media user might not see the harm in letting the world know what they like.  Not knowing the risks involved in using social media, leaves a user open to exploitation.

How social media can be used against you
Last week, whilst having a drink with a friend she was asking how she could protect herself against someone stealing her passwords.  My first question was, “how complicated is your password?” Her response was “I think it’s OK,” which prompted a few additional questions:

 • Is your password comprised of your kids’ names, birthdays and so on?
 • Did you include your maiden name or birthday?
 • Did you use a name or title of where you live, work or travel?

The look on her face was priceless, because I had identified parts of her password without even really knowing her.  The information that I asked about is almost always part of an online profile that just about anyone can see, especially if a profile isn’t private.  I later described to her some password tips, such as not using words which appear in the dictionary, and using a mixture of letters, numbers and symbols.  Most importantly, I told her to not use information someone can obtain from social media profiles.

Another example of how easily information you share in social media can be exploited, is from a show called Mr. Robot.  The show has a couple of different themes, but the main character is a hacker who does some questionable things (although with good intentions) by night, and by day works at an information technology company.  What caught my eye was how accurate the hacking and forensic pieces were.  It gives basic users an idea of how information on a social networking site might be used against them.

In one of the episodes, the main character uses his skills and information obtained from social networking sites to profile the person he was targeting. He used that information to gain access to a user’s email, credit cards and phone. For the hacker, this was just information gathering, research, if you will.  It was just one example that the show used, but it might be the greatest representation of how a hacker goes about getting information.

Another example that the show uses is when the hacker is trying to break into a secured location.  The hacker does his research on a couple of employees within the company.  He uses information from a person’s Facebook page to get them out of the way.  For one of the employees, he finds out their significant other is pregnant, so sends them a text that that person is in labour.  For the other employee, he uses personal information found on social media to get past their defences and let them into the secured location.  Talk about social engineering!

These examples show seemingly harmless information being used to help the hacker reach his ultimate goal and in turn shows us to protect ourselves on social media sites.

Social media exploitation is very scary and very real.  There are so many examples of how hackers use these networks to get information about their targets.  As we continue to grow in this digital age, and use more and more sites that require personal information, users need to be aware and use caution about what type of information they are sharing.

Comments

Popular Posts