In a world increasingly marked by the phenomenal increase in the use of social networks, many users are unwittingly exposed to various threats that can affect their security and privacy. We can distinguish four categories of threats: classical threats, modern threats, combined threats, and threats targeting children.
Classical threats
Classical threats have become increasingly viral due to their strong spread among social network users. Indeed, through tools and techniques such as malware, phishing, spam, and cross-scripting, an attacker can take advantage not only of the personal information published by a user in a social network but also that of his friends, simply by adapting the threat to the latter's personal information. Generally, this category of threats targets essential and everyday information of Internet users, such as credit card numbers, account passwords, etc. It can also relate to the stolen credentials of the victimized user to post messages on their behalf or even modify them.
Malware
Malware is malicious software developed for the purpose of harvesting an online user's credentials from their computer and gaining access to their personal information. Malware in social networks uses the structure of these networks to spread among users and their connected friends. Malware can even use the collected credentials to impersonate the attacked user and send contagious messages to their online friends.
Phishing
Phishing attacks are a form of social engineering aimed at acquiring sensitive and private user information by posing as a trusted third party. A study showed that users who interact on social networking sites are more likely to fall into the phishing trap due to their social nature and trust. Spammers. Spammers are users who use email systems to send unwanted messages to other users. Online social networks can be used by spammers to send advertising messages to other users by creating fake profiles or add comment messages to pages that are viewed by many network users.
Cross-Site Scripting (XSS)
An XSS attack is an attack against web applications. The attacker using XSS exploits the web client's trust in the application and causes the client to execute malicious code capable of collecting sensitive information. Online social networks, which are types of applications, can easily fall victim to XSS attacks. In addition, attackers can use an XSS vulnerability combined with the infrastructure of these networks to create an XSS worm that can spread virally among users of the social network.
Internet fraud
Internet fraud, also known as cyber fraud, is to use of Internet access to defraud people or profit from it. In the past, scammers used traditional social networks, such as weekly group meetings, to gradually build strong connections with their potential victims. Today, according to the North American Securities Administrators Association (NASAA), with the growing popularity of online networks, scammers have turned to social networks to build trust with their victims and then take advantage of personal data published in their online profiles.
