Social media and net­works

Social media like Face­book, Insta­gram or YouTube are booming. At first glance, these don’t seem to pose any imme­diate threat to e-banking. How­ever, due to their wide­spread and often care­free use, they are also of interest to crim­i­nals.

Pro­tect your­self by...

  • only ever posting infor­ma­tion you would also be happy to dis­close to a com­plete stranger in the street, too.
  • lim­iting access to the infor­ma­tion you post (pri­vacy set­tings).
  • only accepting people as “friends” who you actu­ally know in some other way (for instance, per­son­ally).
  • applying a “healthy dose of sus­pi­cion” when­ever you receive mes­sages from people you don’t know.
  • not clicking on any links orig­i­nating from unknown sources, and checking doc­u­ments, pic­tures, videos etc. first before you open them.
  • using dif­ferent and strong pass­words for dif­ferent ser­vices.
  • using up-to-date soft­ware (browser, oper­ating system, anti-virus, etc.).

Hackers just love social media

Social media are fre­quently used by crim­i­nals as so-called “virus spreaders” for sys­tem­at­i­cally placing links aimed at dis­trib­uting mal­ware.

These net­works also allow them to gain insight into per­sonal infor­ma­tion about people, which can then be used for a tar­geted attack in a next step.

Per­sonal infor­ma­tion

You use social media to share photos and per­sonal details with “friends”. Such infor­ma­tion though can also be abused by attackers, for instance for a “social engi­neering” attack.

You should there­fore con­sider very care­fully what kind of infor­ma­tion you dis­close in your pro­file: Only ever post per­sonal data which you would be happy to pass on to a com­plete stranger in the street as well.

A “healthy” dose of sus­pi­cion should gen­er­ally be applied when using these net­works. You should only ever accept friend­ship requests from people who you know either per­son­ally or through some other channel.

Files such as doc­u­ments, pic­tures, videos etc. should always be checked with your antivirus soft­ware first. And this no matter whether they orig­i­nate from a trust­worthy or non-trust­worthy source.

Links

One click on a link leading to a mali­cious web­site is enough to infect your device with mal­ware (Drive-By Down­load). You should there­fore think hard about whether you would really like to see the con­tents before opening any link, and whether this came from a trust­worthy source.

Under www.getlinkinfo.com you can check short­ened link addresses (see Fur­ther infor­ma­tion).

It is also vital that browser, oper­ating system and antivirus soft­ware in par­tic­ular plus all other soft­ware are always kept up-to-date (“Step 3 - pre­vent”).

Log-in and pass­word

Require­ments con­cerning a good pass­word also apply to social media and net­works. It is absolutely nec­es­sary to treat access data con­fi­den­tially.

It is also impor­tant to use dif­ferent pass­words for dif­ferent ser­vices, too. Never use the same pass­word for your social media and net­works as for your e-banking facility.

Data pro­tec­tion

In con­nec­tion with social media and their use, great emphasis is also placed on pro­tecting your per­sonal infor­ma­tion. Infor­ma­tion and tips as to appro­priate behav­iour can be found on the Fed­eral Data Pro­tec­tion and Infor­ma­tion Com­mis­sioner (FDPIC) web­site (in German).

Rec­om­mended set­tings

Social media offer many con­fig­u­ra­tion options. Our check­lists are meant to assist you in estab­lishing secure Face­book and Twitter con­fig­u­ra­tions.

Social media only seem­ingly have nothing to do with e-banking secu­rity, since fraud­sters are not choosy as to the source of infor­ma­tion they can tap.

It only takes a few effec­tive mea­sures to use these new media without having to worry about it.

Fur­ther infor­ma­tion for all those inter­ested

Some social media limit the max­imum length of posts pub­lished. Twitter for instance only allows 140 char­ac­ters per mes­sage. To enable you to also post longer links, there are cer­tain web­sites offering a ser­vice to shorten such links. For instance,

“https://www.ebas.ch/de/ihrsicherheitsbeitrag/erweiterter-schutz/114-socialengineering”

is trans­formed into

“http://bit.ly/P4u765”.

From this short­ened address, you can no longer estab­lish directly where this link will actu­ally lead. This can be exploited by crim­i­nals to use short­ened links pointing to infected web­sites.

Before clicking any short­ened link, you should there­fore check the orig­inal address first. You can for instance check where short­ened link addresses lead on www.getlinkinfo.com. In addi­tion to the orig­inal address, you will also be pro­vided with fur­ther infor­ma­tion on the web­site involved.

What else would you like to learn about security when e-banking?

Reg­ister for a course now
and learn more:

Basic courses

This basic course will point out cur­rent threats on the Internet and con­veys mea­sures as to how you can pro­tect your­self by taking some simple mea­sures.

fur­ther infor­ma­tion

Prac­tical courses

Learn and prac­tice the most impor­tant mea­sures for your com­puter and e-banking secu­rity on com­puters pro­vided by us.

fur­ther infor­ma­tion

Send this to a friend