Social media and networks such as Facebook and Twitter are booming. At first glance, these applications don't seem to pose any immediate threat to e-banking facilities. Due to their widespread use, however, they have also become very attractive to criminals.
- only ever publishing information about yourself which you would also be happy to share with total strangers in the street.
- limiting access to your published information (privacy settings).
- only accepting people as «friends» whom you actually know in real life.
- applying a healthy dose of mistrust regarding any messages received from people you don’t know.
- not opening any links (documents, pictures, videos, etc.) from insecure sources, and checking them before clicking on them.
- making absolutely sure that you are using different and strong passwords for your various services.
- using up-to-date software (browser, operating system, antivirus software, etc.).
Criminals often deliberately place links on social media and networks, abusing them as so-called «virus or malware spreaders» to distribute their malware. These networks can also potentially be used to capture valuable and very personal information about people, which can then be used to target victims for an attack.
The basic idea behind social media and networks is sharing information, photos and other personal details with «friends». However, such details can also be abused by an attacker, for instance for a «social engineering» attack (see info sheet «Social Engineering»). You should therefore very carefully consider any information you disclose on your profile. The basic rule is: «Only ever publish information about yourself which you would also be happy to share with total strangers in the street.»
A «healthy dose» of mistrust must also be employed when using such media and networks. You should only accept friendship requests from people you actually know in real life. Requests and notifications from people unknown to you should not be accepted or opened. In particular, files such as documents, pictures, videos, etc. should always be checked with an up-to-date antivirus program first, regardless of whether they come from a trustworthy or untrustworthy source.
Social media offer a multitude of configuration options. It’s not always easy to keep track of all the various settings Facebook offers and to select the best ones for your purposes. Our checklists will assist you in finding your optimum Facebook and Twitter configurations.
A drive-by infection can infect computers with malware without users actually being aware of it. It is sufficient to simply visit an infected website. For this reason, before opening a link you should consider carefully whether you really want to see its contents and whether it came from a trustworthy source. It is also vital that your browser, operating system and antivirus software in particular, and also all other software, are continuously updated so you have the latest version (step «4 - prevent»).
Twitter allows 140 characters per message. So that longer links can also be sent, there are several websites offering their services to shorten them. «https://www.ebas.ch/en/ihrsicherheitsbeitrag/erweiterter-schutz/114-socialengineering» for instance turns into «http://bit.ly/18F6NUe». These shortened links no longer enable you to see where the link actually leads. This can be exploited by criminals who use shortened links pointing to infected websites. Before you click on a shortened link, you should therefore check the original address first, which you can do on such sites as www.getlinkinfo.com. In addition to the original address, you will also be provided with further information about the original site here.
Login and password
The requirements for a good password (see article on «Secure passwords») also apply to social media and networks. Access data must always be kept confidential. It is also important that you employ different passwords for all the various services you use. In any case, you must never use the same password for social media and networks as for your e-banking!
In connection with social media and their use, data protection, i.e. protecting your personal details, is paramount. You can find information and hints on how to use these sites on the Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter (EDÖB) website (http://www.edoeb.admin.ch/datenschutz/00683/00690/00691/00693/index.html?lang=de).