
Social Media Cybersecurity Research: Analyzing User Behavior and Risks

February 20, 2025 · 12 min read
Research, Social Media Security, Privacy, OSINT

Research Objectives

Social media platforms have become a goldmine for cybercriminals conducting Open Source Intelligence (OSINT) reconnaissance. My research aimed to analyze how users interact with privacy settings and the extent to which oversharing personal information contributes to successful social engineering attacks.

Methodology

The study involved a multi-faceted approach:

  • Survey Analysis: Collected data from 500+ participants regarding their social media habits and security awareness.
  • Privacy Settings Audit: Examined the default vs. configured privacy settings across major platforms like Facebook, Instagram, and LinkedIn.
  • OSINT Simulation: Demonstrated how easily publicly available data could be aggregated to build a comprehensive profile of a target.

Key Findings

1. The "Default" Danger

Over 60% of users never change their default privacy settings. Platforms often default to "Public" or "Friends of Friends," leaving vast amounts of personal data exposed to anyone with an internet connection.

2. The Oversharing Epidemic

Participants frequently shared sensitive information that could be used for security question answers, such as:

  • Pet names (35%)
  • Birthdates and locations (50%)
  • High school or university names (45%)
  • Vacation plans in real time (25%)

3. LinkedIn as an Attack Vector

While users are generally more cautious on Facebook, LinkedIn profiles often contain detailed work histories, email formats, and organizational hierarchies. This data is invaluable for crafting targeted spear-phishing campaigns.

Security Implications

The correlation between social media oversharing and successful cyberattacks is undeniable. Attackers use this data to:

  • Craft convincing phishing emails that reference recent events or colleagues.
  • Bypass authentication by guessing passwords or answering security questions.
  • Conduct physical social engineering by knowing when a target is out of the office or on vacation.

Recommendations for Users

Based on the research, I propose the following security measures:

  • Audit your digital footprint: Regularly review what information is publicly visible on your profiles.
  • Tighten privacy settings: Restrict post visibility to "Friends Only" and disable search engine indexing where possible.
  • Be vague with security answers: Treat security questions like passwords—use random or false information that cannot be found on your profile.
  • Delay posting: Avoid posting vacation photos in real time to prevent alerting criminals that your home is empty.
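
The footprint audit and the security-answer advice above can be combined into a self-check. The following is an added example, not part of the original research: it compares a user's own recovery answers against the text of their own public profile and proposes random replacements for any that can be found there. The profile fields, the answers, the function names and the 0.5 match threshold are all constructed assumptions.

```python
import re
import secrets
import string
import unicodedata

# Constructed sample: what a logged-out visitor can read on the user's profile.
PUBLIC_PROFILE = {
    "bio": "Dog dad to Biscuit. Proud Lincoln High alum, class of 2009.",
    "hometown": "Springfield",
    "birthday": "1991-04-12",
    "recent_post": "Two weeks in Lisbon starting tomorrow!",
}
# Constructed sample: recovery answers the same user has on file elsewhere.
SECURITY_ANSWERS = {
    "First pet's name?": "biscuit",
    "High school attended?": "Lincoln High School",
    "City of birth?": "Riverton",
    "Date of birth?": "12/04/1991",
}

def tokens(text):
    """Lowercase, strip accents, split on anything that is not a letter or digit."""
    ascii_text = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode()
    return set(re.findall(r"[a-z0-9]+", ascii_text.lower()))

def exposed_in(answer, profile, threshold=0.5):
    """Names of profile fields containing at least `threshold` of the answer's tokens.
    Token sets make the check independent of case, word order and date format."""
    wanted = tokens(answer)
    if not wanted:
        return []
    return [field for field, value in profile.items()
            if len(wanted & tokens(value)) / len(wanted) >= threshold]

def audit(answers, profile):
    """Map each question to the public fields that give its answer away."""
    hits = {q: exposed_in(a, profile) for q, a in answers.items()}
    return {q: fields for q, fields in hits.items() if fields}

def random_answer(length=20):
    """Replacement answer from a CSPRNG; keep it in a password manager."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    for question, fields in audit(SECURITY_ANSWERS, PUBLIC_PROFILE).items():
        print(f"{question!r} is answerable from {fields}; replace with {random_answer()}")
```

With the constructed data, three of the four answers are flagged; the date of birth is caught even though the profile and the answer use different date formats.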

Conclusion

This research highlights the critical need for better digital hygiene. As social media continues to integrate into our daily lives, understanding the security trade-offs of sharing information is essential. Privacy is not dead, but it requires active management and awareness.