Being a marketing-communications guy, I’m not as geeky about software technology as some at Avira are – my geekiness is more aligned to any communications I see, which includes the ‘voices’ of spammers. I like to dig through my spam folder and analyze the ways that spam/scam writers communicate. Common Viagra or penis-enlargement topics aside, I’m particularly interested in the rhetoric that scammers use to trick people into clicking, thinking the email is legit (even if the email is already in the reader’s spam folder!).
A serious flaw has been discovered in the Spiceworks application, which creates an admin account for anyone logging in using their Facebook or LinkedIn details.
LinkedIn will continue a bug bounty program that pays out to a closed group of security researchers, claiming that an invite-only approach reduces the number of irrelevant reports.
Probably when you were reading about the privacy policy on Facebook or Twitter, you skipped the part of ‘how to protect yourself from cyber attackers’. Each time you download a new application you agree to its terms and conditions, and we are sure that you don’t stop to read them and never worry about how the applications manage your sensitive information.
Social networks strive to inform you on how they protect your information and what can you do to contribute to this task. That’s why they offer the information in the most understandable possible way.
Facebook the most complete
Facebook just had its guide to security redesigned and in the ‘How to Keep Your Account Secure’ section offers new recommendations on how to prevent cyber-attacks through interactive graphics. And to assure everyone can read these tips, they are available in 40 languages and you can share them on your profile.
The recommendations “focus on the tools we make available to help you secure your account, the steps we take to keep your information secure, and the ways you can recognize and avoid attempts to compromise your information” explained Melissa Luu-Van, product manager at Facebook. Van-Luu added in the same post that already millions of people have read the new privacy settings launched last November.
Click on ‘help’ if you think your account might have been taken over by someone else, explain you that you have to log out if you are not using your habitual computer or inform you that you can report suspicious profiles and posts are some of the features included in the new security collection.
The guide also warns you of the possibility of a phishing attack. Facebook will never send you an email asking for your password, so if you ever receive an ‘email’ requesting this information could come from a cyber-attacker who created a fake web site to steal your information.
LinkedIn the less organized
Facebook isn’t the only social network which has improved its security information recently. LinkedIn has also a new ‘Security Blog’ with helpful guidelines. “We’ll use this site to share some of our security research, whitepapers on how we handle data and the security features and diligence we’ve built into our products. If you are responsible for information security at an enterprise that uses LinkedIn’s products” says Cory Scott, LinkedIn’s Information Security Director.
This professional network explains how your information is used and protected. For example, inform that they can hire third party companies to provide their services with limited access to your information. In addition its support center offers advice on how to better protect your account: changing your password regularly, check the privacy settings or activate the two-step verification to prevent phishing attacks, that many users have suffered in the last few months. Nevertheless, this information is less organized than in Facebook, so you will have to dive deeper to find what you want.
Twitter the one that offers personal tips
Twitter also wants to show you its way of protecting your information. If you are interested to know more details, in their help center there is a wide security and protection section, you can access it from the tab of ‘help and support’ in your profile.
Here you can find out some tips on how to maintain secure account (similar to other social networks), or how to inform Twitter if you find your account has been violated. The company pays special attention to cyberbullying and includes custom security tips for teens, parents and teachers.
What about Google?
But not only social networks detail their security policy; google has been doing it for a while. A complete manual is included in the web ‘How to stay safe and secure online’ where explains how to prevent cyber-attacks protecting your passwords, checking your Gmail’s settings or verifying the emails’ sender if you think it might be a scam.
You can also dig through all the security and privacy tools offered, like two-step verification or who to browse through Chrome without your computer recording it in your browsing history.
So, if you ever wonder how the services you trust every day protect your information against cyber-attacks now you have no excuse, the answer is here!
Nowadays, practically everyone has a profile on LinkedIn. This is a useful tool for letting companies know who you are, your work experience, your present position and the best way to contact you. Along with other personal details, it is common to include an email address.
Yet despite these benefits, the platform also has its drawbacks, at least when it comes to security. The tool is not only useful for human resources managers, but also for spammers and cyber-criminals on the lookout for email addresses to which to send fraudulent messages.
More often than not, the real target of these attacks is not the owner of the email account, but the company where they work, and its data. For a cyber-criminal, this social network is like an address book containing the company email addresses of thousands of users, who use these addresses instead of their personal ones for any professional business.
Once they have found several accounts with the same company name, they make a note of the address structure (usually [email protected]). Then, with a slightly more refined search, they can get a list of all employees’ email addresses.
If the hacker knows the structure of the network that the company uses, they can access the system by sending an email to the employees in their address book. This mail might include, say, a link to a page where the recipients are asked to enter the username and password to access the organization’s platform. Once they have them, they have free reign to spy on internal information.
Those often excluded from the attack are the IT department, as they might rumble what’s going on. However, customer services, marketing, accounts, and human resources are much more attractive targets for hackers.
If the criminals manage to enter the systems, this is just the first step to getting other type of information: personal details, account numbers, passwords and databases can all be compromised.
Companies often encourage employees to have a presence on Linkedin. Yet saying where they work, looking for new customers and employees and increasing brand visibility on the Internet has its risks.
How to keep unwanted messages out of your professional inbox
Stay up-to-speed on IT security. It’s a good idea to go on courses or for companies to organize workshops. If employees can recognize scams it can help prevent them from falling into the traps set by criminals.
Employees should be clear about what kind of data they will be asked for on the company’s ICT platforms so as not to enter personal information on external websites. Recognizing the email account used for internal memos is also a useful aid for distinguishing suspicious messages.
Another thing you should consider when protecting your company (and also yourself) is to understand the mechanisms that are available to alert technicians to any strange items. IT managers can also play their part, warning about the importance of these actions. A timely warning can prevent someone from clicking a fraudulent link or revealing personal data.
Use a personal email account in LinkedIn. This makes it more difficult to identify, although the same advice still applies: don’t open emails from unknown senders, don’t click on the links to unknown content and be careful where you enter your data.
