Online Social networking sites saw an exponentialgrowth in recent years and became a very popular way of communicating andinteracting with friends and family members.
It has also become one of the mostemerging media of communication. Online Social Networks (OSN) makes thecommunication cheaper and quicker 1.Users who use this Online Social Networks(OSN) share and provide an astonishing amount of personal data on thesenetworks and this pose a very serious privacy and security concerns.Multiple social networking websites such asFacebook, Twitter, MySpace, and Google Plus exist but the people all over theworld mostly use very few. Users of online social networks must need an e-mailaddress to create the profile to start the communication process with others1. Most of the users on OSN also provide various personal details like mobilenumber, date of birth, residential addresses, and personal images. Further,they also give other details such current location, day-to-day activities,lifestyle, likes, dislikes, and financial details.As users share their personal information on OSN,most of them give this information without any careful considerations.
Hence,OSN becomes a large pool of sensitive data. Cybercriminals and people withmalicious intent can use this detail for their personal benefits or harm userspresent on these OSN. Moreover, social network users tend to have a high levelof trust toward other social network users. They tend to accept friend requestseasily, and trust items that friends send to them 2.
Cybercriminals exploitsensitive data and chain of connection through social engineering and reversesocial engineering 2. The goal of these two methods is to obtain users’context-information i.e. information related or meaningful to users. Bothmethods are being used prior to other attacks such as phishing, spamming, andmalware attacks 2.
There are various kinds of security, and privacyissues exist in OSN. Some of them are Image tagging, User’s anonymity, Fakeprofile, Social phishing, E-mail spam attack, Malware attack and Identitytheft. Below we are describing all these issues one by one.User’s Anonymity:Most of the users use their real name on theseOSN so that anyone with their real name can search user’s profile on thesesocial networks. Also on the search engines as they can also generate indexprofile of users present on these OSN. Therefore, it becomes very easy forcriminals to find details about their target users or they can search newtarget based on this technique.Fake Profile:Cybercriminals and attackers create their fakeprofiles to connect to their target users and lure them to view their profile.The fake profiles can be like a girl’s profile or a celebrity profile so thatthey can contact the victim.
As a result, the attackers use their profile’sdetails or send them some malicious links. Attackers can also use OSN users’personal details and can create own fake profile.Social Phishing:Social phishing is a type of attack in whichattacker creates a website similar to the original website. In addition, italso lures users to their website and asks for some sensitive information suchas password, financial details, or any other personal information 1, 2. Forinstance, the attacker will send the message to the victim that “you haveto authenticate your profile otherwise your profile will be deleted.
” Inaddition to that, another message such as “your password has expired youhave to change your password” is also very common. When the victim visitsthe particular fake website, it will prompt the user to enter the sensitiveinformation like the username or password of the victim. Most of the time theattacker is successful with social phishing because of the unawareness from theusers side 2. Once the attacker has user’s personal details he can use thatfor his own benefit.E-mail SpamIssues:In this type of attack, the hacker or attackergets the email address of the victim from its’ OSN profile.
As a result, the attackercould forward the spam emails to users anytime. Most of the users on OSN keeptheir email address available public and the attacker can easily identify it.If the user keeps their email id as private or hidden, then it can be guessedwith the victim’s first and last name. Besides, most of the social networkingwebsites offer friend search or profile search through e-mail. The attacker caneasily obtain any details from these features offered by the OSN 2.
Malware Attack:Since the main concept of social networks reliesupon a relationship among users within the systems, malware can easily spreadthrough this interconnection. Many social networking websites still lackmechanisms to determine whether URLs or embedded links are malicious or not. Hence,attackers can exploit this flaw easily. The ill-disposed link can redirectvictims to malicious websites to victim’s computer to steal information or usethe computer to attack others 1. Once the user clicks, the malware URL falseinformation will be posted on the victim’s wall.
Similarly, by clicking themalware URL a client-side code will be installed on the victim’s system tosteal the information stored on the machine 2. Identity Theft:Identity theft is a big issue on OSN as manyattackers and criminals create some popular profiles or celebrity profiles. Inaddition, they also mislead and lure other users to add to their communicationgroup or their friend’s list. This theft is also called profile cloning whereattacker exactly clones profiles of other users and steal their personalidentity. This identity theft also includes cross-site profile cloning, wherecriminals create a similar profile on other sites where users are alreadyregistered. Also not only they had send new friend requests to all but to thecontacts in another social networking site too2.
By carefully studying all these securities and privacy loops in OSN it isobvious that social networking sites are not completely safe to use.Furthermore, cyber criminals and other sick-mind people can use our personalinformation to harm our identity or us. All users should have to be careful insharing their personal information and should be aware of whom they are addingto their network or interacting with. By using the latest browser, not sharingmany details, carefully adding people on their network and with littleattention, they can avoid such security holes while using OSN.