Security Fundamentals

9. Personal Actions to Reduce Risk of Attack

Social Media

Earlier sections have looked at where there are vulnerabilities in computer systems and some of the actions you can take to reduce the risks of attack.

This section is concerned with how you can reduce the risks even further by controlling the information you release online, particularly through social media.

Managing Social Media

1. Research Social Media

Before signing up to a social media site, research your possible options. Check out:-

  1. Their privacy policy and options they offer to keep your details private
  2. What they do with your information and whether they share it with others.
  3. The content of the site. Is it abusive in tone? Is the material age-appropriate?
  4. Procedures for getting upsetting, offensive or incorrect information about you taken down.

2. Remain Private

Get familiar with the privacy settings of your social media site.

Social media users commonly make one of two mistaken assumptions, both of which increase the risk of becoming a target:-

  • That they're already hidden from view, or
  • That they need to be as visible as possible in order to get friends.

Really check out the privacy settings. In Facebook there are multiple categories where privacy settings need to be set. You should hide yourself from search engines to prevent strangers from finding your page.

Also make sure your social media site doesn't give out information to companies. In Facebook you have to deny permission for Facebook to do this, together with setting appropriate permissions for adverts. Otherwise you can become a target for companies and 'click-bait' adverts.

3. Limit identifying information

Consider the amount of personal information made visible on social media sites. At the very least don't:-

  1. Put up your birth-date. Identity thieves can use this as a starting point to obtain more information about you that can lead to them hacking your bank account and financial details.
  2. Include any identifying information, including phone numbers, address or even pictures of where you live.
  3. Include holiday dates or post holiday photos while you're away. Modern burglars regularly scan social media sites to discover empty homes.
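
The list above can be turned into a check that is run on a draft before it is posted. The Python sketch below is an added example, not part of the original course material: the patterns (UK-style phone and postcode formats), the name `check_post`, the extra 'password clue' category and the sample draft are all assumptions made for illustration.

```python
import re

# Illustrative patterns only (UK-style formats assumed); not an exhaustive list.
MONTHS = r"(?:jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)[a-z]*"
DATE = re.compile(r"\b\d{1,2}(?:st|nd|rd|th)?\s+" + MONTHS + r"\b"
                  r"|\b\d{1,2}[/.-]\d{1,2}(?:[/.-]\d{2,4})?\b", re.IGNORECASE)
DURATION = re.compile(
    r"\b(?:until|till|for\s+(?:a|\d+)\s+(?:day|night|week|fortnight)s?)\b",
    re.IGNORECASE)
PHONE = re.compile(r"(?<!\d)(?:\+44\s?|0)\d{2,4}[\s-]?\d{3,4}[\s-]?\d{3,4}(?!\d)")
POSTCODE = re.compile(r"\b[A-Z]{1,2}\d[A-Z\d]?\s?\d[A-Z]{2}\b")
BIRTH = re.compile(r"\b(?:born|birthday|date of birth|dob)\b", re.IGNORECASE)
AWAY = re.compile(r"\b(?:holiday|away|abroad|airport|flying)\b", re.IGNORECASE)
# Common security-question topics: pets, schools, favourite band, maiden name.
CLUE = re.compile(
    r"\b(?:my (?:first )?(?:pet|dog|cat|school|favourite band)|maiden name)\b",
    re.IGNORECASE)

def check_post(text):
    """Return (category, sentence) pairs for risky details in a draft post."""
    findings = []
    for sentence in re.split(r"(?<=[.!?])\s+", text.strip()):
        dated = bool(DATE.search(sentence))
        # A date only matters when the sentence says what the date is for.
        if BIRTH.search(sentence) and dated:
            findings.append(("birth date", sentence))
        if AWAY.search(sentence) and (dated or DURATION.search(sentence)):
            findings.append(("holiday absence", sentence))
        if PHONE.search(sentence):
            findings.append(("phone number", sentence))
        if POSTCODE.search(sentence):
            findings.append(("address/postcode", sentence))
        if CLUE.search(sentence):
            findings.append(("password clue", sentence))
    return findings

# Constructed sample draft; the phone number is from a range reserved for fiction.
DRAFT = ("So excited, it's my birthday on 14th March! "
         "We're away in Spain until 2 April. "
         "Text me on 07700 900123 if you need me. "
         "My dog Biscuit is staying with gran.")

if __name__ == "__main__":
    for category, sentence in check_post(DRAFT):
        print(f"{category:16} -> {sentence}")
```

Every sentence of the sample draft is flagged, each for a different reason. A check like this only catches obvious patterns, so it supplements reading the post through before it goes out.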

Beware! People aren't always who they seem to be.

4. Make friends carefully

Social media is very convenient to keep up with your mates, but in doing so, you expose yourself to some risks.

  • It's nice to make friends, but be careful who you accept as friends. Hackers create false profiles to get information to start the attack process.
  • And be careful in accepting messages from workmates or friends asking for personal information. Hackers can pretend to be one of your friends.
  • Don't always click on links to software sent by friends. They might be unaware that it could link to malware or maybe their account could have been compromised.
  • Be wary of any offers or prizes that you've been told you've won. There's a good chance that these might be phishing attacks.
  • Don't hand out the email addresses of your friends. You don't want them to become the target of phishing emails.

5. Post with Care

Assume that 'What goes on social media, stays on social media.' Once posted on the internet, all control over what you've said is lost. Once in the wild you have no idea how someone may interpret it or use it, either accidentally or deliberately. So:-

  • Choose a reasonable user-name. A name that seems cool now could appear childish or insulting a few years down the line.
  • Even if your privacy settings are set to friends only, post on the assumption that everyone will see it. People can quote you to their friends on their Facebook pages, which may not be private. Photos can be copied, printed or used elsewhere.
  • Keep any work comments out of social media. Employers look routinely at social media and everyone must be familiar with the headline 'Facebook cost me my job'. It didn't, they did, by writing negatively about their boss, company or how they've managed to get one over their employers. Stay on the safe side, keep social life and work life separate.
  • Avoid posts and photos which might be seen as cool now, but which later might prove to be embarrassing, either of yourself or others.
  • Avoid posts that deliberately set out to be insulting, violent, sexual, extremist or racist. People can report you and you could be prosecuted under the Communications Act 2003 which covers offensive communications, 'trolling' and cyberbullying.

6. Guarding your reputation

Good reputations are difficult to build and are very easy to lose. So check out:-

  1. How your profile and pages appear to other people. Take advantage of a 'View as ...' tool to see how it looks to visitors.
  2. Actively look and see what your friends are saying/posting about you. Ask them to take material down that you might find embarrassing or untrue.

7. Guarding your account

Using social media can be a good thing. It's always good to share. But you have to be active in keeping people out of your account. Some of what follows appears obvious but it's surprising how many people fail at the first hurdle.

  1. Don't share passwords! Passwords are not social.
  2. Be careful on what you include in your posts. Posts are scrutinised by hackers to get clues about passwords and possible answers to security questions.
  3. Be aware of the screen scraping tactic, which uses software to record what appears on screen in a series of screen captures.
  4. Check the activity log and make sure that no one else is using your account. Make sure the settings allow you to monitor which devices are being used to access your account.
  5. Don't log on from public computers in internet sites. Hackers could have installed key loggers to capture your credentials as you enter them.

8. Keeping out malware

Social media sites are frequent targets of malware attacks. They are, after all, 'target rich', meaning that a hacker might not get everyone, but will find a weakness somewhere in someone that can be exploited.

So make sure your computer is up to date and has good anti-virus protection.

In summary.


Precautions can be taken to guard against attack by using firewalls, keeping software up to date, selecting the best hardware and software settings to keep yourself safe and so on. But you also have to be careful about the information you release into the wider world.

Inadvertently you may be releasing clues about yourself that could be helpful to an attacker. Your pet's name or favourite band may be clues to your password.

  1. In your notebook, create a page titled Personal Actions: Social media.
  2. Name the main port of call people would go to in order to find more information about a person.
  3. If you have a social media account, name it or a suitable alternative.
  4. Research the privacy settings of your named social media platform and describe the options available to you.
  5. Make a list of identifying or sensitive information you must avoid referring to in your posts.
  6. Make a list of simple 'rules' to follow when making posts.
  7. Find a suitable example where it all went wrong for somebody following a post on social media. Share this with the rest of the class.

Don't forget, social media also includes sites like Instagram and Twitter. And you certainly don't want to appear less than sharp on those .... do you?

Social Media Fail

Using Social Media involves revealing and sharing information in posts, but too much information is a bad thing.

Imagine you have to give advice to a social media 'noob':

  1. In your notebook, create the heading Social Media Advice.
  2. Give your top 5 pieces of advice about posting you would give to a novice social media user. Explain why each piece of advice is a good idea.
  3. Compare your list with your neighbour's. Who's giving the better advice?

Time to learn another hacking method - Screen Scraping.

This method is extremely useful for capturing large amounts of data from websites, which can then be taken away and analysed. There are many programs around for screen scraping, which allow you to write 'bots' or 'crawlers' that automate the process of going out onto the internet to capture the data being looked for.

Companies use them, amongst other things, for analysing what's going on in the market (e.g. discovering who is selling what and for what price). Hackers can use them for gathering large amounts of personal data and seeing if they can discover weaknesses that can be exploited.

In this exercise screen scraping is being used to gather data in response to a simple query.

  1. Work along and follow the steps in the video to discover how the screen scraping works
  2. Repeat the process using your own query on another website. Attach your results to your notebook page.
  3. In your hacking methods section, under the heading Screen Scraping list the steps to follow to collect data.

If you had success, then BOOM! ... another hacking technique completed. Although you did this with a commercial site, imagine how you could apply this technique to a social media site.

Try a bit of research on google, if you can't ...

Before you try this, you will need to create a Google account, and then use this to create an account at Portia Scraping Hub.

You should be able to:-
  • Explain some of the risks and vulnerabilities of using social media.
  • Describe how you can minimise the risk of successful attacks through safe working habits or personal behaviours.
  • Understand how screen scraping works and how it can be used to gather large amounts of data.

If you don't feel confident in meeting any of these performance criteria, ask your teacher or re-read the information again.
