Online social networking sites have seen exponential
growth in recent years and have become a very popular way of communicating and
interacting with friends and family members. They have also become one of the
emerging media of communication. Online Social Networks (OSN) make
communication cheaper and quicker [1]. Users of these Online Social Networks
(OSN) share and provide an astonishing amount of personal data on these
networks, and this poses very serious privacy and security concerns.
Multiple social networking websites such as
Facebook, Twitter, MySpace, and Google Plus exist, but people all over the
world mostly use only a few of them. Users of online social networks need an e-mail
address to create a profile and start communicating with others
[1]. Most OSN users also provide various personal details such as mobile
number, date of birth, residential address, and personal images. Further,
they also give other details such as current location, day-to-day activities,
lifestyle, likes, dislikes, and financial details.
Most users share their personal information on OSN
without careful consideration. Hence,
OSN become a large pool of sensitive data. Cybercriminals and people with
malicious intent can use these details for their personal benefit or to harm users
present on these OSN. Moreover, social network users tend to have a high level
of trust toward other social network users. They tend to accept friend requests
easily, and trust items that friends send to them [2]. Cybercriminals exploit
sensitive data and the chain of connections through social engineering and reverse
social engineering [2]. The goal of these two methods is to obtain users’
context information, i.e. information related or meaningful to users. Both
methods are used prior to other attacks such as phishing, spamming, and
malware attacks [2].
Various kinds of security and privacy
issues exist in OSN. Some of them are image tagging, user’s anonymity, fake
profiles, social phishing, e-mail spam attacks, malware attacks and identity
theft. Below we describe these issues one by one.
Most users use their real name on these
OSN, so anyone who knows a user’s real name can search for that user’s profile on these
social networks. The profile can also be found through search engines, as they can index
the profiles of users present on these OSN. Therefore, it becomes very easy for
criminals to find details about their target users, or to search for new
targets using this technique.
Cybercriminals and attackers create fake
profiles to connect to their target users and lure them to view the profile.
The fake profile can be, for example, a girl’s profile or a celebrity profile, so that
the attacker can contact the victim. The attacker can then use the victim’s profile
details or send the victim malicious links. Attackers can also use OSN users’
personal details to create their own fake profiles.
Social phishing is a type of attack in which the
attacker creates a website similar to the original website, lures users
to it, and asks for sensitive information such
as passwords, financial details, or other personal information [1, 2]. For
instance, the attacker sends the victim a message saying “you have
to authenticate your profile otherwise your profile will be deleted.”
Another very common message is “your password has expired you
have to change your password”. When the victim visits
the fake website, it prompts the victim to enter sensitive
information such as username or password. Most of the time the
attacker succeeds with social phishing because of a lack of awareness on the
users’ side [2]. Once the attacker has the user’s personal details, he can use them
for his own benefit.
In an e-mail spam attack, the attacker
gets the email address of the victim from the victim’s OSN profile. As a result, the attacker
can send spam emails to the user at any time. Most users on OSN keep
their email address publicly visible, so the attacker can easily identify it.
If the user keeps their email ID private or hidden, it can be guessed
from the victim’s first and last name. Besides, most social networking
websites offer friend search or profile search by e-mail. The attacker can
easily obtain details through these features offered by the OSN [2].
Since the main concept of social networks relies
upon relationships among users within the system, malware can easily spread
through this interconnection. Many social networking websites still lack
mechanisms to determine whether URLs or embedded links are malicious. Hence,
attackers can exploit this flaw easily. A malicious link can redirect
victims to malicious websites that target the victim’s computer to steal information or use
the computer to attack others [1]. Once the user clicks the malware URL, false
information is posted on the victim’s wall. Similarly, clicking the
malware URL installs client-side code on the victim’s system to
steal the information stored on the machine [2].
Identity theft is a big issue on OSN, as many
attackers and criminals create popular profiles or celebrity profiles
and then mislead and lure other users into adding them to their communication
group or friends list. This theft is also called profile cloning, where the
attacker exactly clones the profile of another user and steals their personal
identity. Identity theft also includes cross-site profile cloning, where
criminals create a similar profile on other sites where users are already
registered. They also send new friend requests, not only to all contacts but to the
contacts in another social networking site too [2].
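From the defender's side, the friend request is the point where profile cloning can be caught: an incoming request that closely resembles someone already in the friends list is suspicious. The following check is an added example, not part of the original essay; the profile field names (including `photo_hash`), the equal weighting and the 0.8 threshold are assumptions, and the sample profiles are constructed.

```python
import unicodedata
from difflib import SequenceMatcher

# Attributes compared besides the display name (hypothetical field names).
FIELDS = ("birthday", "city", "photo_hash")

def normalize(text):
    """Fold case, Unicode compatibility forms and whitespace before comparing."""
    folded = unicodedata.normalize("NFKC", text or "").casefold()
    return " ".join(folded.split())

def clone_score(request, friend):
    """Return 0..1: half from name similarity, half from matching attributes."""
    name_sim = SequenceMatcher(
        None, normalize(request["name"]), normalize(friend["name"])
    ).ratio()
    shared = [f for f in FIELDS if request.get(f) and friend.get(f)]
    if not shared:
        return 0.5 * name_sim
    matches = sum(normalize(request[f]) == normalize(friend[f]) for f in shared)
    return 0.5 * name_sim + 0.5 * matches / len(shared)

def probable_clones(request, friends, threshold=0.8):
    """List (friend_id, score) for existing friends the requester resembles."""
    hits = []
    for friend in friends:
        if friend["id"] == request["id"]:
            continue  # same account, not a clone
        score = clone_score(request, friend)
        if score >= threshold:
            hits.append((friend["id"], round(score, 2)))
    return sorted(hits, key=lambda h: -h[1])

# Constructed sample data: an existing friends list and two incoming requests.
FRIENDS = [
    {"id": "u100", "name": "Maria Keller", "birthday": "1990-04-12",
     "city": "Vienna", "photo_hash": "ph-aaaa"},
    {"id": "u101", "name": "Tom Brandt", "birthday": "1988-11-02",
     "city": "Graz", "photo_hash": "ph-bbbb"},
]
CLONE_REQUEST = {"id": "u900", "name": "Maria  Keller ", "birthday": "1990-04-12",
                 "city": "vienna", "photo_hash": "ph-aaaa"}
NEW_PERSON = {"id": "u901", "name": "Maria Kessler", "birthday": "1975-01-30",
              "city": "Linz", "photo_hash": "ph-cccc"}

if __name__ == "__main__":
    print(probable_clones(CLONE_REQUEST, FRIENDS))  # request copying friend u100
    print(probable_clones(NEW_PERSON, FRIENDS))     # similar name, different person
```

A similar name alone scores at most 0.5 when the other attributes differ, so a genuinely different person with a near-identical name is not flagged.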
By carefully studying all these security and privacy loopholes in OSN, it is
obvious that social networking sites are not completely safe to use.
Furthermore, cybercriminals and other sick-minded people can use our personal
information to harm our identity or us. All users should be careful in
sharing their personal information and should be aware of whom they are adding
to their network or interacting with. By using the latest browser, not sharing
many details, carefully adding people to their network, and paying a little
attention, they can avoid such security holes while using OSN.