Home Page Navigation Contents Contact Sitemap Search

Social media and networks

Social media like Face­book, Insta­gram or YouTube are booming. At first glance, these don’t seem to pose any imme­diate threat to e-banking. How­ever, due to their wide­spread and often care­free use, they are also of interest to criminals.

Pro­tect your­self by...

  • only ever posting infor­ma­tion you would also be happy to dis­close to a com­plete stranger in the street, too.
  • lim­iting access to the infor­ma­tion you post (pri­vacy settings).
  • only accepting people as “friends” who you actu­ally know in some other way (for instance, personally).
  • applying a “healthy dose of sus­pi­cion” when­ever you receive mes­sages from people you don’t know.
  • not clicking on any links orig­i­nating from unknown sources, and checking doc­u­ments, pic­tures, videos etc. first before you open them.
  • using dif­ferent and strong pass­words for dif­ferent services.
  • using up-to-date soft­ware (browser, oper­ating system, anti-virus, etc.).

Hackers just love social media

Social media are fre­quently used by crim­i­nals as so-called “virus spreaders” for sys­tem­at­i­cally placing links aimed at dis­trib­uting mal­ware.

These net­works also allow them to gain insight into per­sonal infor­ma­tion about people, which can then be used for a tar­geted attack in a next step.

Per­sonal information

You use social media to share photos and per­sonal details with “friends”. Such infor­ma­tion though can also be abused by attackers, for instance for a “social engi­neering” attack.

You should there­fore con­sider very care­fully what kind of infor­ma­tion you dis­close in your pro­file: Only ever post per­sonal data which you would be happy to pass on to a com­plete stranger in the street as well.

A “healthy” dose of sus­pi­cion should gen­er­ally be applied when using these net­works. You should only ever accept friend­ship requests from people who you know either per­son­ally or through some other channel.

Files such as doc­u­ments, pic­tures, videos etc. should always be checked with your antivirus soft­ware first. And this no matter whether they orig­i­nate from a trust­worthy or non-trust­worthy source.

Posts and interactions

Please be aware that it is not just per­sonal data pub­lished by you, but also all your posts and inter­ac­tions such as likes, shares etc. which are analysed by ser­vice providers and then aggre­gated into a (poten­tially unfavourable or even plain incor­rect) user pro­file, which they may for instance then sell on for adver­tising pur­poses. These pro­files they gen­erate spread rapidly across fur­ther social net­works, sur­vive for sev­eral years and are dif­fi­cult to erase, or cannot be deleted at all.

For social net­works, you should there­fore remember the fol­lowing: Don’t just com­mu­ni­cate cau­tiously, but also think about what you post!

Links

One click on a link leading to a mali­cious web­site is enough to infect your device with mal­ware (Drive-By Down­load). You should there­fore think hard about whether you would really like to see the con­tents before opening any link, and whether this came from a trust­worthy source.

Under www.getlinkinfo.com you can check short­ened link addresses (see Fur­ther infor­ma­tion).

It is also vital that browser, oper­ating system and antivirus soft­ware in par­tic­ular plus all other soft­ware are always kept up-to-date (“Step 3 - pre­vent”).

Log-in and password

Require­ments con­cerning a good pass­word also apply to social media and net­works. It is absolutely nec­es­sary to treat access data confidentially.

It is also impor­tant to use dif­ferent pass­words for dif­ferent ser­vices, too. Never use the same pass­word for your social media and net­works as for your e-banking facility.

To better pro­tect your social accounts, you should also use two-factor authen­tifi­ca­tion of your respec­tive ser­vice providers, if at all possible.

Data pro­tec­tion

In con­nec­tion with social media and their use, great emphasis is also placed on pro­tecting your per­sonal infor­ma­tion. Infor­ma­tion and tips as to appro­priate behav­iour can be found on the Fed­eral Data Pro­tec­tion and Infor­ma­tion Com­mis­sioner (FDPIC) website.

Rec­om­mended settings

Social media offer many con­fig­u­ra­tion options. Our check­lists are meant to assist you in estab­lishing secure Face­book, Twitter, Insta­gram and LinkedIn configurations.

Social media only seem­ingly have nothing to do with e-banking secu­rity, since fraud­sters are not choosy as to the source of infor­ma­tion they can tap.

It only takes a few effec­tive mea­sures to use these new media without having to worry about it.

 

Info sheet: Down­load (PDF)

Fur­ther infor­ma­tion for all those interested

Some social media limit the max­imum length of posts pub­lished. Twitter for instance only allows 280 char­ac­ters per mes­sage. To enable you to also post longer links, there are cer­tain web­sites offering a ser­vice to shorten such links. For instance,

“https://www.ebas.ch/de/ihrsicherheitsbeitrag/erweiterter-schutz/114-socialengineering”

is trans­formed into

“http://bit.ly/P4u765”.

From this short­ened address, you can no longer estab­lish directly where this link will actu­ally lead. This can be exploited by crim­i­nals to use short­ened links pointing to infected websites.

Before clicking any short­ened link, you should there­fore check the orig­inal address first. You can for instance check where short­ened link addresses lead on www.getlinkinfo.com. In addi­tion to the orig­inal address, you will also be pro­vided with fur­ther infor­ma­tion on the web­site involved.

What else would you like to learn about security when e-banking?

Reg­ister for a course now
and learn more:

Basic course

Find out about cur­rent Internet threats and some easy pro­tec­tive mea­sures, and how to securely use e-banking.

fur­ther information

Online course mobile banking/payments

Find out about mobile banking, mobile pay­ments and how to securely use these apps.

fur­ther information

Online course for the under-30s

Learn how to use your smart­phone securely. Next to basics, we will show you what you should know about social media, clouds, mobile banking and mobile payments.

fur­ther information

Course for SMEs

Is your organ­i­sa­tion suf­fi­ciently secure? Learn which mea­sures you can take to sig­nif­i­cantly strengthen your organisation’s IT security.

fur­ther information