Social Media: a Vector for Cyber Crimes
Author: Tulika Bose
College: Army Institue of Law
Introduction: Social media is the most efficient method of sharing data but it is also a target for criminals to track and compromise information about oneself, company enterprise, etc. This acquired information is leaked for trading which might prove to be detrimental to the privacy of the user. Be it an individual or a company, it may turn out to be the ideal prey for cybercriminals, regarding the data shared on social media
Targets are just two clicks away from getting their information scattered on social media to be compromised by such cyber attacks.[i] This is because data is readily available and many cybercriminals are already doing this. For example, on Facebook, a quick search for some credit card credentials, within minutes, could enable such people to hack and gain access to one’s bank account.[ii] An infrastructure is provided by social media networks to contact like-minded people, and since most of them don’t have identity verification process, promoting anonymity thus, policing them is a rigorous task. It takes minutes to set up a fake profile to avoid identification. Also to garner maximum users, social media sites have provided simple access. But due to the inherently open nature of these leading to breach of security and promotion of anonymity being a typical instance.
About: Cybercriminals generally target websites with large user bases, such as Facebook, Twitter, LinkedIn, and Instagram. A majority of current attacks modeled after the older Koobface malware, only use the social platforms as a delivery mechanism. This information can be put various illegal representations with negative repercussions. Social media attacks can hack into users’ accounts, upon login, by stealing their authentication credentials. For the purpose of discreetly pulling personal data from users' online friends and colleagues, this is done.
The "false flag" is yet another social media attack exposed back in 2014. It essentially tricks a user to reveal personal data or login credentials under the guise of the site. The attack will immediately steal all the usernames and passwords stored to take personal information about the user, upon changing the passwords.
Discussion/Issue/Analysis: There are three kinds of cyber crimes on social media by their method of operation, namely:
- Broad-sweep scams which may enable tricking for valid personal data.
- Scams which attempt to lure one to click on or visit pages, which contain a push malware to infect one’s computer.
- Acquisition of personal data via hacking.[iii]
Initial malware, in many cases, is just a method to gain access to the system. It doesn't directly cause adverse effects. But this access may then be put up for sale, once a backdoor is established to the infected computer. Criminals may install software once the access to these infected computers is received. This software proceeds to hijack the victim's online banking or collects personal data like usernames and passwords.[iv] Installing Ransomware is one of the most profitable scams. They refer to a set of malicious software that can encrypt the data on a victim's computer and ransom in the form of financial gratification is asked for, to restore the system to its original state.
In a case, two persons, including alleged mastermind Debasis Pandit, a BCA student and Rabi Narayan Sahu were arrested in an online fraud racket busted by the Rourkela police worth Rs 12.5 lakh. The accused were alleged to hack into the eBay India website and make purchases under the guise of the credit cardholders whose numbers were stolen. Under Sections 420 and 34 of the Indian Penal Code and Section 66 of the IT Act, a case was registered, and further investigation was held. According to the evidence produced and facts stated, Pandit was arrested from his residence Sahu, his associate, and was nabbed at his house. The accused had allegedly hacked into the eBay India website. He then proceeded to collect the details of at least 700 credit cardholders and made purchases by using their passwords. The fraud was initially noticed by the eBay officials when it was detected that while the customers were based in cities like Bangalore, Jaipur and even London, several purchases were made from Rourkela. The matter is then brought to the notice of Rourkela police by the company after the affected lot had lodged complaints. The accused were forwarded to the court of the sub-divisional judicial magistrate.
Conclusion: In order to prevent social media breaches and secure company data protect user information, privacy maintenance and protection of anonymity increased vigilance by individual users and enterprise policies are the best ways to ensure data breaches are avoided.
People should also take Basic precautionary measures like avoiding re-following anyone who followed them on Twitter, entering secured websites, using anti-phishing software, checking the authenticity of the sites they log into and e-mails sent by them, and being cautious of the kind of personal information they share online.
[i] Moore, R. (2005) "Cyber crime: Investigating High-Technology Computer Crime," Cleveland, Mississippi: Anderson Publishing
[ii] Rourkela case.
[iii] Robert Davis, Bodo Lang & Josefino San Diego. A Comparison of Online and Offline Gender And Goal Directed Shopping Online.
[iv] Hoon Park Young Gul Kim, (2003), Identifying Key Factors Affecting Consumer Purchase Behaviour in an Online Shopping Content: International Journal of Retail & Distribution Management, 31 (1) pp. 16-29.
Disclaimer: The opinions expressed in the article or any other publication are those of the authors. They do not purport to reflect the opinions or views of Educoncours or its members.