Humans are cataloged as being the weakest link in security

Apr 30, 2012 20:01 GMT

The Federal Bureau of Investigation (FBI) issued its new Internet Social Networking Risks advisory to highlight the threats that target the customers of social media websites.

First of all, the two main tactics used to exploit social networks are explained. On one side, there are highly skilled hackers who use specialized software to achieve their purposes. Then there are the so-called social hackers, or social engineers, who rely on tricks to manipulate their victims.

One of the things highlighted in the brochure is that an individual's naivety is the factor cybercriminals leverage most often.

“Humans are a weak link in cyber security, and hackers and social manipulators know this. They try to trick people into getting past security walls. They design their actions to appear harmless and legitimate,” the FBI warns.

Customers of social networking websites are advised to take into consideration the fact that the more information they make public, the more exposed and vulnerable they become to malicious schemes.

As security experts highlighted in the past, publicly available personal details are a precious resource for predators, fraudsters, hackers and even business competitors since they can use the information to launch targeted attacks.

Among the tactics deployed by cybercriminals we find baiting, clickjacking, cross-site scripting attacks, doxing, pharming, phishing, phreaking, elicitation, spoofing, and the classic scams.

Defending against such actions is not easy, but it’s not impossible either. For companies, the use of multi-layered security, active data movement monitoring, the introduction of policies, and the education of employees are highly recommended.

While common sense can usually keep internet users safe, security software, such as antivirus programs and firewalls, can also make a difference.

Finally, the FBI provides the names of several websites that contain valuable information on how to protect yourself against such attacks. The list includes ic3.gov, dhs.gov, ftc.gov, onguardonline.gov and lookstoogoodtobetrue.com.