advice and tips for using social media safely. 9ic9i 9ic9i its not really

How to stay safe online!

Advice and tips for using social media safely

It’s magic! https://

www.youtube.com/watch?v=F7pYHN9iC9I

It’s not really magic, it’s all online

Image from: http://blog.whitehatsec.com/introducing-the-i-know-series/

Identity Theft

Physical Theft/Burglaries

Sexual Predators and Stalkers

Spam and Malware

Reputation and Employment

Concerns

Privacy settings

Over Sharing

Location based data/GPS tagging

Reasons

Identity Theft

“Free” services online, make their money by selling you to third parties◦ Because of this, privacy settings by default are

almost completely open You should limit your profile to only be able

to be viewed by friends Facebook has ~170+ privacy settings,

scattered throughout several pages

Privacy Settings

Anytime that you install an app, it asks you to allow it a multitude of different permissions

Even if you lock your profile down, you can still be making everything freely available to apps

A great example of this is at http://www.takethislollipop.com

Apps

The idea of a social network is to gather friends, just make sure that you only accept requests from people you actually know

Accepting unknown people as friends is giving your information away just like granting apps permission

Once they have your information they can target you in spear-phishing emails and other forms of spam

Friend Requests

We constantly preach about not using the same password on multiple sites, but using the same user name can be just as bad

Programs like LastPass and Keepass can store your information for you in a central location

Remember the HB Gary Federal hack last year?◦ The CEO used the same user name and password

across multiple systems

Passwords and User Names

It sounds silly, but don’t take a picture of your credit card and post it online

https://twitter.com/needadebitcard◦ Was created to “shame” people who did just that

Remember, if it sounds too good to be true, it most likely is

Don’t make it easy

What are some good ways to effectively manage privacy settings?

There are apps out there that can help! You do, however, need to be careful about

what apps you choose, so you don’t fall in to what we’ve already talked about

Either verify that the author/creator of the app is a trustworthy source, or just do a Google search for reviews

If you can’t find anything easily, it’s likely not a good program

How can I process all of this?

Privacy Fix installs as an app in your web browser (Firefox and Chrome), it then scans your privacy settings in Facebook and also in your Google account if your logged in to them

It provides you easy ways to “fix” open privacy settings, but does it in a way to teach you

http://privacyfix.com

Privacyfix.com

Is an app in Facebook, created by F-Secure Scans links in your private messages, and

on your wall Allows you to scan links for safety before

you post them on your wall

ShareSafe

Physical Theft/Burglaries

Don’t invite them in

Can anyone give an example of why tagging photos with GPS location data is a bad idea?

Don’t post dates of when you are leaving and coming back from vacation.

Wait until after you get back to post pictures Turn GPS tagging off on your pictures so people

can’t find out as easily where you live◦ http://weknowyourhouse.com/ ◦ https://twitter.com/WeKnowYourHouse

Don’t post things about your house that might make it vulnerable

This could never happen to me! Right?

Going away on vacation?

http://thetimes-tribune.com/news/jessup-police-investigate-break-ins-tied-to-facebook-1.917832

http://www.kcrg.com/news/local/Police-Facebook-Photos-Could-Lead-to-Break-Ins-160333525.html

http://www.cosmopolitan.com/advice/tips/burglaries-because-of-facebook

Predators and Stalkers

Anyone can pretend to be anything online Don’t accept friend requests from people

you don’t know Turn off GPS tagging on your posts/photo

upload◦ If someone is following you, you could be telling

them exactly where you are!

Imagination isn’t always good

Malware and SpamBe careful what you click

Malware is being created with the end user as the vulnerability instead of flaw in software

Don’t click on links sent from people you don’t know

Be wary of links that are even sent from “friends” their accounts could have been compromised◦ A common tactic is to send a link with a caption that

the video is related to something currently going on in the world or related to you (e.g. “Footage of Bid Laden Kill” or “you even see him taping you, that’s awful”

The target has shifted

Does your number fall between (000)000-0000 and (999)999-9999?

A vulnerability was found in Facebook, just last week, that allowed anyone to search for a number and connect it to a name◦ Facebook fixed this vulnerability, however their

“fix” was to limit the amount of searches that an IP address could do in a specified amount of time

If your telemarketer phone calls start to pick up, you might know the reason why now

Do you have your phone number on facebook?

Another trend recently is to receive a phone and be greeted with “I am calling you from Windows!”

They try to convince you that your computer has errors and viruses and you need to download their software and pay them money to fix it

The software is a backdoor giving them direct access to all of your files, and some people have paid upwards of $500 for their “fix”

Malware through the phone

Certain apps will ask you for permission to do all sorts of stuff, even send messages on your behalf

While possibly unintentional, they can still have the effect of spamming your friends◦ A Happy Birthday app is a more common one of

this, that automatically sends all of your friends a private message with birthday wishes

I authorized what?

There are several websites that show what malicious websites are capable of extracting from your web browser◦ …what websites you’ve visited◦ …who is on your Gmail contact list◦ …what Firefox addons are installed◦ …what you’ve previously watched on Youtube◦ …what sites you are logged in to◦ They can steal a browsers auto-complete data◦ They can even activate a computers camera and

microphone This is a great write up on all of the facets:

◦ http://blog.whitehatsec.com/introducing-the-i-know-series/

I know…

Your Online Reputation

Your current and future jobs might depend on it

What are some good examples of oversharing?

This is a short list of things you should not share:◦ Full Name (especially your middle name)◦ Your birth date◦ Hometown◦ Phone numbers◦ Relationship status◦ Your school name/location/graduation dates◦ Pet names

These are answers to some of the most commonly asked “forgot password” questions, and with this information anyone could reset your password

Am I oversharing?

You might be surprised what you find

Facebook has a privacy setting, that by default makes your profile searchable◦ This is one of the settings PrivacyFix helps you

find

Have you ever Googled yourself?

Don’t post it on Facebook! Would you want to post that your hungover,

taking drugs, or what your brand new phone number is?

Sadly, these people all do◦ http://weknowwhatyouredoing.com/

Do you hate your boss?

Visit http://staysafeonline.org/stay-safe-online/

There are great, short, educational videos and topics ranging from how to protect yourself at home and at work, and also how to make sure your kids are safe online

For more tips on how to stay safe

Questions?