Written By: Andrea Gajic
As technology has developed and methods of communication have evolved, social media continues to have an increasingly influential role in our lives today. It has become a way for people to keep in touch with friends and family and stay in “the know.” Just as emails replaced letters, social media has slowly replaced texting to remain in touch. When using social media, people knowingly and sometimes unknowingly publish personal information about themselves that the public can then access freely. Phishing, previously done over phone calls, can now be conducted through social media by direct messaging the intended target. In fact, research suggests that as the use of online social networks has increased, the number of data security breaches originating from social networks has also increased (Fire et al., 2014).
There are four main categories of threats that online social networks and their users face: classic threats, modern threats, combination threats, and threats targeting children (Fire et al., 2014). There are many subcategories to these main four, though some are more known than others regarding online social networks. Classic threats are privacy and security threats that affect users and non-users of social networks. Modern threats are unique to online social networks and typically endanger user security and privacy. Combination threats are specified as their own category but are, as the name suggests, a combination of the other three types; they are generally used to classify attacks that do not fit into only one category.
One frequently observed classic threat as technology evolves is phishing. It is a form of social engineering hackers use to obtain users’ private information by pretending to be a trustworthy third party. A study on Facebook and phishing in 2010 revealed that “users who interact on social networking websites are more likely to fall for phishing scams due to their social and trusting nature” (Fire et al., 2014). Moreover, a Microsoft Security Intelligence Report in 2010 revealed that 84.5% of phishing attacks target the users of online social networking sites. As time passes, phishing attacks focus less on a general audience and more on an audience likely to fall for the attack. Additionally, social media users often make online “friends” that they, over time, begin to trust, despite never having met them. This trusting nature is a trait that leaves users vulnerable to attacks, such as phishing attacks.
An example of a modern threat would be a user promotion security vulnerability (UPSV) (Yue et al., 2020). This threat allows a platform member to send out links en masse to large groups, typically as a form of marketing not sponsored by the social network. Though these may be harmless, they may also be attempts to con users out of money by posing as legitimate funds or people in need. An experiment conducted by Yue and their team revealed that, of 44% of users who followed the link sent as a UPSV by a “streamer” on a platform, 13% ended up donating “gifts” to the “streamer.” This type of vulnerability in social networks, which allows users to send messages and links to unknown users, can result in serious security breaches. That, too, plays to the trusting nature of some social media users and potentially provides evidence of an increase in data security breaches as social media use gains popularity.
Threats such as online predators, risky behaviors (on behalf of the children), and cyberbullying are particularly common with children. In a study conducted in Europe, “30% of the children surveyed reported having an online connection with a person they had never met face to face, [and] 9% reported having actually met face to face with someone with whom they had only an online connection” (Fire et al., 2014). With their relationships with unknown strangers on the internet, children are likely to fall prey to social network deceptions such as fake identity and human target attacks. Fake identities can “catfish” the children and convince them they are communicating with someone that they are not. There are even instances where children feel isolated from their surroundings and seek companionship from “friends” they meet online. This leads to human-targeted attacks, as they may fall prey to cybergrooming and cyberstalking; it may even escalate to human trafficking.
There are many means to secure accounts, and most are ones that all of the previously referenced articles agree with. Regarding the security of children’s accounts, there seem to be fewer breaches in security when a parent follows the child and supervises their account (Cengiz et al., 2022). In terms of other attacks, there are a variety of defenses. Some, such as online network deceptions, rely on users being educated on the dangers of online communication and being careful with whom they communicate. Others, such as phishing and identity theft, require users to be aware of possible suspicious links and ensure they are not publicly sharing their data with the entire web (Guo et al., 2021). Additional common defenses against malware and other threats include classic firewalls and anti-malware applications.
Many different types of attacks can occur on online social networks. Each can be tailored to the user, and some, such as deceptions, can be virtually undetectable by the user. When researching the correlation between online social network usage and data breaches, it will be important to differentiate between the attacks or consider them as a whole, as each will have a different style of breached data.