Teaching Smart Social Networking
By Agatha Gilmore — January 2009
You’ve got a 10-minute break between classes. What do you do? Grab a snack, hit up office hours, maybe log on to Facebook and scan your friends’ profiles for the latest gossip?
All are viable options, unless you’re a student at Concordia University in Montreal.
Since September, Concordia University has banned the use of Facebook on all on-campus terminals, including desktop computers. According to published reports, the ban was implemented after Concordia officials noticed an increase in spam and phishing attacks that technical experts traced to social networking sites, particularly Facebook.
“Social networking was a new playground for spammers,” explained David Poellhuber, president of Zerospam, a provider of professional e-mail filtering services. “It offered them a fresh crop of targets — mostly young people, tech-savvy people [who are] perhaps not so security-conscious.”
In fact, users who have grown up with computers are prime targets for social networking attacks because they’re inherently hungry for content and used to clicking around online to obtain it, Poellhuber said.
“They want to get the features, they want to get the application, and they will click ‘yes,’” he said. “They will click ‘yes’ to Google, which will read their e-mail. They will click ‘yes’ to any Apple store, which will hold their credit card information. They just want to get [the programs] running. The fact is that the digital natives are probably more lax than the analog natives on privacy protection.”
Simply posting your e-mail address online opens you up to hacker attacks, Poellhuber said.
“Doing that not only is an invitation to spammers, but it also compromises the internal e-mail syntax structure. An educated spammer could, in fact, deduce what your e-mail syntax is [and send spam to] not only you but also your whole company,” he said.
Hackers and spammers do need to work harder to obtain personal data via social networking sites, but the payoff is worth the work.
“They have to use fake invites, they have to create fake profiles — they even have to use phishing techniques to get the user credentials and then actually take over the compromised accounts,” Poellhuber said. “But in the end, the reward is quite good because, since social networking is based on trust, they might very well have a larger response rate than they have with the traditional techniques.”
That means if a hacker spams the entire populations of Facebook and MySpace combined — roughly 170 million people — and achieves one click in 10,000 or even one in 20,000, it’s still a good business.
“It’s the law of large numbers,” Poellhuber said.
Despite the risks of social networking on campus, however, Poellhuber said restricting access is not the best option. “Blocking social networking sites is the best way to create a riot,” he joked.
So what can students and universities do to ensure everyone enjoys a safe social networking experience?
“The answer lies far more in education than anything else,” Poellhuber said. “A lot of this has to do with helping the users behave properly.”
As a student, you should be aware of the security features available on sites such as Facebook. For example, you can change your privacy settings to limit the visibility of your online profiles to approved members. Additionally, you should try to avoid publishing your e-mail address.
Also, keep in mind that the larger your network of virtual “friends,” the greater your risk of being spammed.
“How much trust can you put into a 700-people network? As it grows larger, I think the trust goes lower,” Poellhuber said.
Poellhuber also recommended students be extra vigilant when logging on to social networking sites “just to make sure they’re on the right site and not a phish site.”
Educational institutions should be broadcasting these guidelines as effectively as possible, but the IT community also holds responsibility.
– Agatha Gilmore, firstname.lastname@example.org