Global Information Technology

December 12, 2013

Remaining Secure While Being Social

For those of us who have been using social media for a while, it’s inevitable to have received a request to connect from someone whom you don’t know. While it can be tempting to accept the request to expand your social network and open up new horizons, you could also be exposing yourself and others connected to you to a malicious social engineering risk. If you’re not familiar with the term, a social engineer runs what used to be called a “con game.” For example, a person using social engineering might try to get you to reveal sensitive information, known as phishing.
Another aspect of social engineering exploits people’s inability to keep up with the changes of the digital world, which relies more and more on information and technology. Social engineers succeed by relying on a lack of awareness of the value of information that a person possess and thus is careless about protecting it.

So what do you do when you receive a request from someone you don’t know? You might be tempted to accept or dismiss the request immediately without a second thought. Most people “like to be liked” so they do a little digging before making a decision to reject a potential “friend.” Before hitting “accept” you should do some research to determine why this person wants to connect with you. If you click on the profile of the person and don’t find anything in common or a shared interest, most people deny the request. But if the person happens to share connections with you or works for the same company, most people are more likely to accept the request, and that’s how social engineers get you.

While it’s nice to be liked and natural to want to expand your social network as well as to help others, you should only accept requests to connect on social networks from people you know. Social engineers build a network by first getting one or two people to accept, often absent-mindedly, their requests to connect. Others may be wary but will accept because they recognize that other people they know have accepted. Once the attacker has built a network of connections, he has become a “trusted insider” and those in the social network tend to let their guard down. Remaining secure while being social means choosing your social “friends” wisely and never sharing information online that wouldn’t normally be shared with the general public.