Internet-based social networks have made the world a smaller place. Sites such as Facebook and Twitter have brought together long-lost friends and distant relatives. While LinkedIn has successfully placed a number of people in jobs they might never have heard of otherwise, matchmaking sites and even chat rooms have played the role of modern, digital cupids.
However, as with any other technology, there will always be those who try to exploit the situation for ulterior motives. Financial scams, defamation campaigns and cyber-bullying are terms now commonly associated with the internet. Much has been written and shared on how to avoid this; individuals can and should educate themselves via resources provided by governments and other organisations working to improve cyber security.
The dark side of the internet isn’t discussed much, yet the consequences are far more significant; physical trauma has been known to occur as a direct result of not being cautious about what we share or do online.
There are primarily two tactics used to exploit the online presence of a user on social networking forums – hacking and social engineering. In practice these are often combined.
Hackers gain access to your information by installing unwanted software on your smartphone or computer. Social engineers are hackers who specialise in exploiting personal connections via social networks. They may also manipulate people through social interactions such as telephone calls, written communication or even in person.
One hears, almost daily, of a friend, relative or colleague who has had to create a new email, Facebook or Twitter account because their previous one had been hacked. Very few people discuss social engineering because this involves a more intimate interaction with the wrongdoer and the victims consider it embarrassing.
Humans are considered the weak links in cyber-security, and are therefore easily targeted by hackers and social engineers. The attackers’ aim is to get past the security wall by tricking the individual into believing that they are harmless and legitimate. Depending on their ultimate aim, these individuals can take anywhere from a few minutes to several months to carry out the actual sting.
The most well-known incident in Pakistan was the kidnapping of a teenage boy by a friend he made on Facebook. According to reports, the young man was befriended by the elder brother of his friend. He chatted with this individual for a couple of months before he invited him to meet. When they met, the boy was kidnapped by the associates of the Facebook “friend”, and only freed after the authorities conducted a raid on their hideout.
The child’s mother, when interviewed after the recovery, called for a ban of the social networking site. While that would perhaps be too extreme, it is important to discuss some of the actions that should have been taken but weren’t, which contributed to this situation, so that citizens can avoid becoming victims in the future.
- Children’s access to the web should be monitored by a guardian or parent.
- The computer or handheld device must be used in a common space where adults are present.
- Parental controls should be installed.
- Educate the child to use the internet safely and discuss the consequences.
- Know where and with whom your child is, at all times.
During natural disasters, communities come together and support the victims. Many provide funds and, depending on the circumstances, others offer cash. Here too, fraud often takes place. Some people impersonate genuine aid-collectors and collect funds from donors, never to be heard from again. Significantly, in a number of cases the donors (victims) have invited strangers to their workplaces and homes to hand over the cash, exposing themselves to possible further harm.
On reviewing their actions, many people agreed that:
- They didn’t verify the authenticity of the aid-collectors because the message came from a friend who shared it on their social networking page.
- When the aid-collector arrived, they didn’t ask for ID documents, nor keep a copy if shown.
- They made no call to the referring friend to confirm the identity of the aid-collector.
In both scenarios, the scam artists relied on their victims’ trust. In the kidnapping incident, the perpetrator made the victim comfortable by talking to him for an extended period. In the aid scam, the victims didn’t bother verifying the collectors’ authenticity because the collectors had come to them through a friend.
A growing online trend is to create and share invitations for personal events on Facebook. Apart from the intended guests, many other people also attend because they see that their friends are attending, or have even received an invite from someone who shared the event online. Crime investigators report that burglaries have taken place, and that events themselves have even been targeted by criminals, depriving everyone of their valuables. This vulnerability is primarily due to the readily available information, including the venue and duration of the event. Also, the visibility of an event page is quite difficult to control.
Authorities around the globe report that it is quite common for people who return from vacations to find their homes burgled. When interviewed, a large number of criminals stated that they often scouted social media forums for their next target. Their victims had shared the dates they were going to be away. Their home addresses, contact numbers and even pictures of their homes were also available online. The criminals would make a quick call to the victim’s home and office to confirm they were away, and then proceed with the comfort of knowing they had the house to themselves.
Next time you are travelling, think twice before giving out details of your vacation plans. Avoid sharing pictures while you are on vacation; they tell the bad guy exactly what he wants to know – you’re away and the house is empty.
On a separate note, if you are buying or selling items online as an individual or an organisation, you are also exposed to certain malpractices and frauds. Local businesses selling products with a cash-on-delivery option should send out a staffer to first collect the cash from the customer and then a second person to deliver the goods. The need for this additional step arose when individuals refused to pay for the products they ordered.
Additionally, individuals should be mindful of inviting strangers into their homes. Large sums of money should be handled inside a bank, limiting the possibility of counterfeit currency and also benefiting from the security presence at the bank.
Just as you don’t leave your doors unlocked, you need to lock out strangers in cyber-space and ensure proper password protection. Trainings and material on cyber security have been made available by organisations such as Bolo Bhi and Bytes for All (B4A) respectively. A recent publication by B4A on “Online Violence, Prevention, Reporting & Remedy”, authored by Shoaib Taimur, is an in-depth guide on prevention of cyber crimes and reporting incidents to the authorities. This should be a go-to guide for all, especially for those parents whose children are online.
Creating awareness and identifying risks are the first steps to tackle and eliminate concerns. The cyber world is no different to the physical world we live in. While it has opened up a new world for the bad guys, it has also given us the power to share knowledge with those far and beyond our access in the physical world. Learning from one’s mistakes and talking about them will help educate others about the traps they may not be aware of.
Norbert Almeida is a security analyst who blogs on security matters at www.norbalm.com. He tweets @norbalm and can be contacted at ask@norbalm.com