Social media providing valuable opportunities for password thieves
As is the case with many innovative technologies, social media security strategies have lagged behind adoption rates. As a result, determined password thieves have been shifting their focus to the gold mine of personal information posted across sites like Facebook and LinkedIn.
Despite continued warnings from technology pundits and IT experts, a number of consumers and business professionals continue to ignore the threat posed by poor password management strategies. In reality, this first line of defense should be the strongest component of online security plans, as it represents the most attractive target for cybercriminals.
"Why should a hacker go to the effort of finding a vulnerability when he could target a password?" asked former white hat hacker Jason Hart in a recent interview with V3. "The problem has always been there but the reliance of social networks and cloud computing [services] on passwords has been explosive. Password security is the only thing that impacts confidentiality, integrity, availability, accountability and auditability."
One popular tactic employed by hackers, according to Hart, was the targeting of a company's new hires by viewing their profiles on LinkedIn. Once contact information has been gathered, cybercriminals can pose as a member of a firm's IT or human resources staff and email their targets with fraudulent messages regarding onboarding information. Eager to comply with policies in their new workplace, unsuspecting victims often readily divulge a host of personal and business data.
As these incidents become more prevalent, the question of accountability has come to the forefront. Unfortunately, many believe that the burden of online security is shifting too far onto the account holder on popular social media sites.
According to V3, both LinkedIn and Facebook have endured criticism at times for their privacy policies. While they were once labeled as too restrictive, the emerging issue seems to be offering the end user too much control, often to the detriment of online security. The confusing terminology and lack of visibility surrounding these policies have compromised the profiles of more than a few users.