CEH

(Jeff_L) #1

Chapter 10 ■ Social Engineering


■ Educate employees on the use of strong passwords like the ones they use, or should be
using, in the workplace.
■ Avoid the use of public profiles that anyone can view. Such profiles can provide a
wealth of information for someone doing research or analysis of a target.
■ Remind users of such systems that anything published online will stay online, even if
it is removed by the publisher. In essence, once something is put online, it never goes
away.
■ Educate employees on the use of privacy features on sites such as Facebook, and take
the initiative in sending out e-mails when such features change.
■ Instruct employees on the presence of phishing scams on social networks and how to
avoid and report them.

Remember, it is always better to be safe than sorry when it comes to
deciding what information you feel comfortable sharing with others. There
are loopholes and drawbacks to every system, and even though you employ
strong security settings and limit access to your profiles, someone may still
gain access to that information. So, never include any contact information
in a profile. If you’re using social media for business purposes, make sure
the contact information consists of addresses and phone numbers that
are generic for the company, and use extreme caution when distributing
a direct line to people with whom you have not yet developed a personal
relationship. Hackers and identity thieves are skilled at what they do, and it
is your responsibility to defend against them. Make sure you understand the
security and privacy settings for your Facebook and other online accounts.

Commonly Employed Threats


Many threats will continue to pose problems for those using the Internet, and unless you
opt to stop using this resource, you must address the threats. This section explores threats
targeted toward human beings and the weaknesses of human nature.
What types of threats target users and prey on human nature? The following are just a few:

Malware: This can be used as an all-inclusive term for viruses, spyware, keyloggers,
worms, Trojan horses, and other Internet threats.

Shoulder Surfing: This type of attack takes place when one party is able to look over
another’s shoulder or spy on another’s screen. This is common in environments of every
type, because when you see other people watching what you are doing, you attribute it to
normal human curiosity and think little of it.

Eavesdropping: This involves listening in on conversations, videos, phone calls, e-mails,
and other communications with the intent of gathering information that an attacker would
not otherwise be authorized to have.