UMass Boston

Social Media Security

Large social sites are naturally a magnet for hackers and are particularly vulnerable because of their use of web applications, which are an easy conduit for spreading viruses. Currently most viruses and malware are spread on social websites via what's called 'social engineering.' Social engineering relies on sloppy practices: it encourages people to click links and to open or pass along attachments containing malicious code, which spreads the virus, or the agent of the virus, to their friends.

Social networking sites are all designed to allow you to decide what information you want to share, and how often and with whom you want to share it. What makes these sites so powerful is how easy it is to share with others and watch and learn what others are doing. However, with these amazing capabilities come many risks.

1. Posting Personal Information About Yourself


Social websites allow you to post and share a tremendous amount of information. If you’re not careful, this information can harm you.

Criminals and attackers look for highly personal information. Based on details of your life you’ve shared, they may be able to

  • guess your passwords
  • impersonate you online
  • steal your identity

In addition, organizations hiring new employees or universities reviewing new students often do background checks on popular social networking sites such as Facebook.


  • Do not post any embarrassing information or photos of yourself. If it is something you would not want your boss or family to see, you should not post it.
  • Never post personal details such as
    • birth date
    • home address
    • identification numbers
  • Turn privacy settings to “high.” Only allow people in your ring of accepted friends to view your information.

2. People Posting Information About You


Even more challenging to control is information others publish about you on their own sites. Photographs, videos, or online chat sessions can easily be shared.


  • Inform your friends what information they can and cannot share about you.
  • Review their sites to see what they have posted about you.
  • Contact the website’s abuse center.

3. Third Party Apps and Games


Some social websites have additional third-party programs, such as games you can install. These programs are usually not developed or reviewed by the social networking website.


  • Always be careful when using third-party programs, as they can potentially infect your computer or access your private information.

4. Knowing Who to Trust


One of the exciting features of social networking is the ability to quickly and easily interact with others. The issue is that these websites make it easy for attackers to impersonate people you trust. If you blindly accept any request to join your network, then you have no privacy protection.

Another common attack occurs when criminals hack an account on a social networking site and pretend to be the victim. The criminal posts messages to all of the victim’s friends, pretending to be the victim and tricking their friends into visiting a website or installing a program.

When people visit the websites or install the program, their accounts or computers are often hacked. Criminals are using your trust of others to attack you.


  • Only accept friends or contacts you know.
  • If a friend’s request seems odd, confirm it is your friend and not a criminal or virus that has taken over their account.
  • When in doubt, call your friend to verbally confirm the request.
  • Be selective about the links you click. When friends send you links to sites, apps, etc., don't just click on them. Hover your mouse over the link, look at it in its entirety, see what data is going to be passed to it, and then decide. You might even cut-and-paste the URL into another browser and go there separately. Oftentimes the link’s URL gives a good indication of its source.
  • Be choosy about your friends. This is easier said than done. Just because someone sends you a request doesn't mean you should accept it. A good rule of thumb is to only accept invitations, etc. from people you know or someone who has bothered to put a referral name in the invitation. This can weed out a lot of potential ne'er-do-wells.
  • Use a secondary email account. When possible, if you don't use the site as your main forum for communication, use a secondary email account to avoid spam or having your email address hijacked. Once you've verified the authenticity of the other party, you can then let them know to correspond with you outside of the social media site using your primary account. This may seem inconvenient, but there are many instances of hijacked email accounts, and this removes the potential for a ton of spam and makes for a happier and healthier 'inbox.'
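
The link check described under "Be selective about the links you click," written out as an added example that is not part of the original page: the hypothetical function `inspectLink` reports the host a link really goes to, the data passed in its query string, and a few warning signs. The sample links are constructed and use reserved example domains and addresses.

```javascript
// Added example (not from the original page). inspectLink is a hypothetical helper.
// displayText is what the message shows; href is where the link actually points.
function inspectLink(displayText, href) {
  const url = new URL(href); // throws on a malformed link
  const warnings = [];

  // Plain http gives no assurance about who you are talking to.
  if (url.protocol !== 'https:') warnings.push('not-https');

  // "https://trusted.example@other.example/" really goes to other.example:
  // everything before the "@" is a user name, not the site.
  if (url.username || url.password) warnings.push('userinfo-in-url');

  // "xn--" labels are encoded international names that can look like familiar ones.
  if (url.hostname.split('.').some((label) => label.startsWith('xn--'))) {
    warnings.push('punycode-host');
  }

  // A raw IP address instead of a site name.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(url.hostname) || url.hostname.startsWith('[')) {
    warnings.push('ip-literal-host');
  }

  // If the visible text itself looks like a site name, it should match the real host.
  const shown = displayText.trim().toLowerCase()
    .replace(/^[a-z]+:\/\//, '')
    .split(/[\/?#]/)[0];
  if (/^[a-z0-9.-]+\.[a-z]{2,}$/.test(shown) && shown !== url.hostname) {
    warnings.push('text-host-mismatch');
  }

  // The names of the data items the link passes to the site.
  const params = [...url.searchParams.keys()];
  return { host: url.hostname, params, warnings };
}

// Constructed sample: the text shows one site, the link goes to another.
const sample = inspectLink(
  'photos.example.com',
  'https://photos.example.com@login.example.test/view?session=abc&email=me%40example.com'
);
console.log(sample.host, sample.params, sample.warnings);
```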

5. Complex Privacy Settings

Most social networking sites such as Facebook offer privacy controls. These are settings you can configure to determine who can and cannot access information on your page.


The problem with most privacy controls is that they are complex. You may think your information is protected, but you may be surprised to learn others can access it, such as Friends of Friends.

Also, privacy controls may not work as you expect, so in some cases people who are not your friends or even third-party applications can still access your information.

Finally, even once you figure out the privacy options, they often change.


  • Limit the amount of personal information you post.
  • Assume any information you do post will eventually become public, regardless of the privacy controls you use.
  • If you do not want your boss, coworkers, or family members to find out about it, you shouldn’t post it.

Information Technology Services
Healey Library, 3rd Floor