Publication: Educating Users To Mitigate Social Engineering And Privacy Risks In Social Networking Services
No Thumbnail Available
Date
2012
Journal Title
Journal ISSN
Volume Title
Publisher
Malaysian Society for Engineering & Technology
Abstract
Social engineering is a common tool for privacy attacks and identity theft. With the increasing popularity of social networking services, users are more susceptible to privacy risks as these websites can be used as a tool to harvest information from unsuspecting targets. This paper looks at how much information can be collected from seemingly harmless online quizzes designed for social network websites. We first design an experiment to carefully collect publicly available data from user profiles. We then discuss how the harvested information can be misused by the attacker to initiate different attacks against users� private information. Finally, we propose a solution to mitigate these risks by reducing the risk level on each individual as well as the organizational level. Our research is a strong indication of social networks potential for harvesting users� private information and reflects the positive role of user education in mitigate this risk.
Description
Keywords
social engineering, privacy risk, social network, information harvesting.