Telling lies is the best form of security on social networks. That's according to Sophos' Senior Technology Consultant Graham Cluley in an exclusive interview with TechRadar.
"One of the things we've been saying is to start lying. On Facebook, it asks you for your date of birth - under the terms and conditions you're not allowed to lie.
"I say 'screw them' and lie about [your] date of birth. I don't trust them to look after it, they revealed it once before."
And he says this preventative attitude applies to other areas, too. "With my online bank I lie about my mother's maiden name. But people feel compelled to tell the truth all the time.
"And it's like, first of all you don't need to fill in all those fields quite often and secondly, don't tell the truth. And that way, if they screw up or you're careless, who cares?"
Cluley is a popular and well-versed expert within the security industry and is known for his quotable repartee. "Social networks have shown to us that they can't be trusted. They have messed up on a number of occasions," he says. "Ultimately you can only trust yourself."
Don't share too much on Twitter
As well as social networks such as Facebook and LinkedIn, his advice also extends to Twitter. But, he says, common sense should be the top tool at your disposal.
"There was a US Senator in a helicopter above Baghdad saying 'hey isn't it great, I'm above the presidential palace.' And you think 'you twat.' What a stupid thing to do - not only endangering his own life, but the people protecting him as well. People aren't thinking about the consequences of what they're doing and the way in which that information can be used."
People share too much information. "I had a friend the other day that told everyone on Twitter that he was 34. And I said, 'hey you know what you've done, you've revealed your precise date of birth'. If you go on Twitter and search for 'birthday today' you'll find thousands of people revealing their precise date of birth...obviously a useful tool for identity thieves."
And he believes people should be more aware – but it's not necessarily their fault. "Fundamentally we are cavemen and haven't evolved. If we could roll out a security patch for people's brains, then maybe we would be worthy of living in the 21st century with computers," he says. "We are Neanderthal man who's been given a ZX81 and told to get on with it. We haven't a clue on how to properly protect ourselves; we're having too much fun pretending to be zombies or talking like a pirate."
Clever crims
Cluley adds that people can give things away simply by changing details on a site like LinkedIn. "But put your hacker mind on for a second and think ok, basically I can get a corporate directory of a firm from LinkedIn. I can find out who the head of HR is and forge an email claiming to come from them to a new recruit and get them to [reveal corporate information]. There's lots of things like that which you'd do completely innocently and not realise the repercussions.
"One of the things the bad guys want to do is that they want to become friends with you. Maybe your friends on Facebook are slightly different than on Twitter. I can then create an account [to fill that gap] and get inside your circle," says Cluley.
"All of these jigsaw pieces come together and it all begins to unravel. People are so much more willing to click on links on social networks. You can't really trust on a social network. If it's typed, you can't be sure it was written by [your friends]," he says.
But Cluley believes Twitter can be a very useful tool. "Twitter has purpose, where Facebook didn't really. However at the moment it feels like it's held together with pipe-cleaners and tin cans. Frankly they've probably been amazed by their growth. I'm sure they've got lots of issues. It does have a business purpose and that's going to make it interesting in the future.
"Of course, the criminals are going to go there too. You're out there in the plains of the Serengeti and the zebras are going to the water. And the lions are thinking, 'let's go there.' So the criminals are doing the same," he adds.
