There are many tactics people may use to trick others into providing information or granting access to that information through social networking venues.
Once information is posted to a social networking site, it is no longer private. The more information you post, the more vulnerable you may become. Even when using high security settings, friends or websites may inadvertently leak your information. Personal information you share could be used to conduct attacks against you or your associates. The more information shared, the more likely someone could impersonate you and trick one of your friends into sharing personal information, downloading malware, or providing access to restricted sites.
Predators, hackers, and foreign state actors troll social networking sites looking for information or people to target for exploitation. Information gleaned from social networking sites may be used to design a specific attack that does not come by way of the social networking site.
Someone gives you a USB drive or other electronic media that is preloaded with malware in the hope you will use the device and enable them to hack your computer. Do not use any electronic storage device unless you know its origin is legitimate and safe. Scan all electronic media for viruses before use.
Publicly releasing a person’s identifying information including full name, date of birth, address, and pictures typically retrieved from social networking site profiles. Be careful what information you share about yourself, family, and friends (online, in print, and in person). Soliciting for personal information can take innocent forms, such as, “See what your band name is” followed by a graphic showing random words next to months and dates. You post what your “band name” is and now everyone knows your date of birth.
Deceiving computers or computer users by hiding or faking one’s identity. Email spoofing utilizes a sham email address or simulates a genuine email address. IP spoofing hides or masks a computer’s IP address. Know your co-workers and clients and beware of those who impersonate a staff member or service provider to gain unit or personal information.
This interactive presentation provides an introduction to social networking for Department of Defense (DoD) information system users. More.
The presentation acknowledges the positive aspects of social networking, but also familiarizes users with some of the risks associated with social networking services, especially as military, civilian, or contractor members of the DoD. Particular emphasis is placed on the guidance for and limitations on personal use of social networking on DoD information systems. Practical experience is used to assist users with making informed choices on issues encountered when creating an online profile on a fictional social networking service. This training concludes with a brief summary of the dos and don’ts of social networking for DoD members, particularly when using government computers. The information in this product can also benefit user’s friends and family members.