Security and Privacy Threats in Social Networks
For millions of Internet users, social networks has become a mainstream cultural phenomenon. Social networks leverages users’ real-world social ties and blends our online and offline lives even further by combining user-created profiles with communication systems. The four largest social network sites currently in use are Facebook, Twitter, LinkedIn, Google+ and they have over a billion integrated accounts.
By 2021, approximately 59 percent of the world’s population will be communicating with each other via the Internet. Facebook has 2.89 billion monthly active users and is the most visited website on the Internet as of 2021 . Twitter, a social microblogging site, has more than 206 million monetizable daily active users worldwide who send Tweets in over 40 languages. However, because of its widespread usage, social networks poses a significant risk to its users. By exploiting social networks, Threat actors can obtain sensitive personal data and carry out a range of attacks, including spam, identity theft, SocialBots, and malware.
With large number of users, privacy is one of the most obvious and pressing concerns about social networks. Social networks exacerbates a variety of privacy problems, such as surveillance, in which the social sphere of social networks is turned into a commercial sector, and social networks service providers watch user activity to limit market access. Users’ personal data is shared with other parties for advertising reasons, which might be misused.
Threats
Malware — Malware is malicious software that is meant to disrupt computer operations to steal a user’s credentials. Credentials collected by malware can be imitated in some instances send contagious messages to the user and his or her online friends. Most people are not aware that malware, which is spread through social network sites, is also on the rise. The more people spend time on social network sites, the more hackers pay attention to it and the easier it is to attract users to click on malicious links on social networking sites. There are several different ways in which malware can spread through social networks. The easiest way for a hacker is to gain access to a user’s account by sending malicious links. Another way to spread malware is to hide the malware in something else. In many situations, these attacks target common user resources such as credit card details, account passwords, computational power, and even computer bandwidth.
Phishing — Phishing is a social network security attack that is frequently used to obtain user information such as login passwords and credit card details. It happens when an attacker pretends to be a trusted entity and tricks the victim into opening an email, instant message, or text message. Social network phishing is an attack that takes place through platforms such as Instagram, LinkedIn, Facebook, or Twitter. The purpose of such an attack is to steal personal data or gain control of your social network account. Phishing attacks on social network include sending emails, messages, message links, and links to contact you in order to get sensitive information, credit card details, personal information, and login credentials.
Spammers — Spam is described as irrelevant or undesired communications transmitted through the Internet. These are typically sent to a huge number of individuals for a variety of purposes, including advertising, phishing, and malware. According to experts, up to 40% of social network accounts are exploited for spam. Traditional spammers’ emails may be ineffective as attackers randomly generate e-mail addresses or crawl to several public sites to search for e-mail addresses. A large portion of this spam may not reach the intended recipient. Also, if spam reaches the victims, there is a high probability that they will delete it, as most victims are aware of spam.
Cross-site Scripting — Cross-Site Scripting (XSS) Worms are harmful programs that propagate through a website and attempt to infect other visitors. Cross-site scripting vulnerabilities may be exploited in a variety of ways. XSS Permanent Attack, also known as Storage Attack, permanently saves the injected code on the target servers as html text, such as database, comment box, forum posts, etc. The most prevalent sort of XSS assault is the non-persistent attack. In this case, the injected code is delivered back to the visitor from the server.
Fraud — Internet fraud is a cybercrime scam that uses the Internet to hide or falsify information to defraud money, property, or inheritance. Some social network influencers solely push bogus mobile applications. Fraudsters also distribute dubious links to followers on social network as influencers. Once the victim clicks and enters the info, the fraudster can get total control over the influencers’ page or channel.
User profiling — This entails monitoring and analyzing a user’s behaviors in connection to both psychological and behavioral aspects using different approaches such as neural networks, genetic algorithms, and association rules. User profiles contain a variety of content, such as goals, tastes, user behavior, skills, and knowledge. This can open up the way for privacy leakage such as users’ age, gender and personality traits.
Inference Attacks — Within that sort of attack, attackers get unauthorized access to user data by employing various data mining algorithms to forecast relevant information. To carry out such privacy assaults, the attacker just requires publicly available data from online social networks. Online social networking information should be kept private. The attacker, on the other hand, can utilize data extraction algorithms to forecast personal information.
Cyberstalking — It is illegal for attackers to harass or threaten other users through social networking sites, instant messaging, emails, or any other means. Harassment and intimidation are examples of harassment behaviors, and they may entail personal follow-up or monitoring of the victim. The Internet or other electronic media is commonly used to harass or individual, group, or organization harass. Cyberstalking is a subset of cyberbullying; nonetheless, the phrases are frequently used interchangeably in the network.
Clickjacking — Clickjacking is an attack technique, sometimes known as User Interface Redressing, since it is set up by concealing a link with an overlay that mislead the user into doing something other than what he or she expects. This can cause users to access a malicious web page or download malware.
Location privacy leakage — Because of the ubiquity and convenience of use of smartphone devices, it promotes online social network members to reveal their location in online social networks. Criminals and hunters alike can benefit from this sort of information. Furthermore, online social network users publish their location without realizing that by sharing photographs and videos, their geographical locations are revealed. Identifying such a location can lead to threats such as sending false information to close people.
Identity profile cloning — This is a tactic used by attackers to establish a fake profile by stealing videos, photos and other sensitive material from the genuine profile of the target user. Attackers can create a copy of a user’s profile that is close to the target profile. Especially if the majority of the user profile is set to public. In this thread attackers use two ways. Those are cross-site cloning and same-site cloning. When attackers stole data from different social network sites it known as cross-site cloning. When attacker take information from same social network site it known as same-site cloning.
Information privacy leakage — unauthorized users detecting private and sensitive data. That attack called as information privacy leakage. In social networks people always share their information with their friend. Leaks of sensitive and personal information might be harmful to social network users. Phishing schemes, the use of insecure tools, information theft, and delivering information to the incorrect individuals are all key sources of information leaks.
Fake profile — This threat is most common threat in social networks. An attacker creates a fake profile on a social networks with fake credentials such as pictures, name, hobbies, social security number and other information and sends messages to the targeted person. The purpose of a fake profile is to gather user information. In addition to the bandwidth loss, fake profiles affect the overall reputation of the social networks.
De-Anonymization attack — Users may safeguard their privacy and anonymity using nicknames. To disclose the user’s actual identity, anonymization employs tactics such as cookie monitoring, network topology, and user group membership. Because the data provided on online social network is made public by default, they are an ideal target for anonymous attacks that attempt to identify a person from such data.
Even though social media poses a number of privacy and security dangers, these issues may be minimized by adopting precautionary measures. An attacker takes advantage of security and privacy holes in social media due to user ignorance. Materials shared with friends on social media may end up in the wrong hands, in the same format or in a different context. To get more secure privacy in social media, must know about privacy settings, personal information sharing and manage location information with knowledge about antivirus and antispyware and third-party applications users can overcome most common security issues and risks in social media...
Happy reading & Stay tuned with me for more interesting topics….!!!
