I’ve talked many times about security with my least security-minded friends and I’ve stumbled repeatedly on a weird concept some people have about protecting themselves on the Internet. My friends will frequently say something along the lines of, “I don’t really care about this stuff because there is no money linked to my accounts,” or “What are they going to steal? My Facebook account? My email credentials? There’s nothing there for them.”
Actually, there is.
Apart from the hassle of losing access to your email accounts, criminals usually target these to plunder data about your other accounts. Controlling your email account enables them to “reset your passwords” in many websites. Usually those websites whose “welcome” emails you keep in your email inbox include your user names and sometimes your passwords. In addition, your email contacts can also be added to spam databases. You could end up (indirectly) spamming your friends.
Social network accounts are even more useful for cybercriminals because besides plundering your friends’ email addresses, the bad guys can also send bad links around and try to steal the social networking credentials of your friends. There is a reason why there is a price for stolen social networking accounts.
Neither is it exactly true that there is “no money” in social networking. For example, Facebook now has its own “virtual currency,” Facebook Credits. You can use the credits to buy virtual goods either on Facebook itself or, more likely, in the many online games that use Facebook as platform. (Virtual goods is big business—it’s estimated that Americans spent US$1 billion on virtual goods in 2009.)
How do you buy these credits? The same way you buy real-world goods—using your credit card. Relatively few people do so today but in the future, this might not be the case. This means that it’s quite possible that someone stealing your social networking credentials will also get their hands on your credit card information.
On top of this, a lot of people share passwords between different accounts (even though it’s an awfully bad idea). This might mean that all your accounts get compromised and that’s probably not fun.
So if you still think that exposing your nonfinancial accounts is still okay, shame on you. Keep reading our blog and hopefully, someday, you’ll change your mind.