Avoid Social networking attacks..
How to Avoid Social Networking Attacks
I dislike "Farmville game" or other games on Facebook. Fake for getting free MacBook Pro.
It was the spelling and grammatical errors that did it. When Bonnie Loshbaugh received a Facebook chat from a friend (let’s call her Teresa) saying she had been robbed in Aberdeen, Scotland, she was initially concerned. Then she remembered that Teresa, who is of Malaysian descent and was in the process of receiving an advanced degree on the East coast, had little reason to be in Aberdeen. “Also, I would be about two-hundredth on the list of people she would go to for help since we’re not close,” she added. Loshbaugh e-mailed her friend the transcript of the conversation, encouraging her to call the cops if, by some small chance, she actually was stranded in Scotland.
Sure enough, Teresa’s account had been hacked. Once an excuse for such starlets as Lindsay Lohan to feign ignorance at embarrassing late-night tweets, social network hacking has been on the rise for years. Other threats, ranging from shady software developers to some particularly sophisticated phishing attacks, can make public hubs such as Facebook and Twitter dangerous places to be once you land on a hacker’s radar. A handful of security experts (including one reformed spammer) told us what social networking attacks look like, and how to avoid getting scammed.
Why You’re A Target
You might be wondering why hackers would target someone such as Teresa, who theoretically shouldn’t garner much attention among more than 350 million Facebook users worldwide. In fact, people make themselves—and their virtual friends—vulnerable all the time without realizing it.
Charlie Miller, principal security analyst for Independent Security Evaluators, says that being friends with someone who’s been hacked is often all it takes. Other times, it’s as simple as being in the wrong place at the wrong time. “It could be Joe Schmo happens to be a friend of someone they’ve successfully attacked,” he said. “Or he commented on some page they happened to be looking at.”
These attacks have become more frequent too, Miller says, as hackers’ motivations evolve from sheer hubris to theft. “The Samy worm [that hit MySpace in 2007] was just some guy showing off,” he said. “Now people are more concerned with financial motives.” These threats include not just identity theft, but selling the use of these computers to send spam and malware and run servers as well. And as hacking has grown more lucrative, the bad guys have become more persistent. Miller cites password forcing algorithms that try every word in the dictionary until they gain entry; just one more reason to incorporate numbers and symbols into your various passwords.
When Spam Gets Personal
By all accounts, the dangers besetting social networks aren’t that different from what you’ll find elsewhere on the Internet. These include phishing attacks, drive-by downloads, and links that lead to malicious sites. Think ads that scream, “You’ve won a MacBook Pro!” or “Congratulations, Bob! You’re visitor 9,999!” The problem is that the ads often leverage information in users’ profiles to make them eerily personal, so that it’s not just you who’s won a MacBook Pro, but you, John Smith.
“It’s a little more insidious because of the kind of personalized data you have to play with and because ads are not marked as clearly as they could be,” said Dennis Yu, author of “How to Spam Facebook Like a Pro: An Insiders Confession,” and a self-professed former spammer who is now CEO of the ad agency BlitzLocal.
Then there are the kinds of attacks like the one Loshbaugh witnessed. If a friend’s account has been hacked so that they appear to be asking for money, or sending links to photo albums and YouTube clips, it can be trickier to suss out a scam. “I might [normally] be suspicious,” said Kevin Haley, director of Symantec Security Response. “But if my friend has given me this link, I’ll click on it. They tend to be in a more trusting environment, so it’s easier to be fooled.”
Once people click on these links, several things can happen. They may experience a drive-by download—that is, download a piece of malware just by dint of visiting this malicious page (any diligently updated security software worth its salt will block most of these threats). In other cases, users may see a pop-up asking them to update their video codecs in order to view a video. Consider that a red flag and move on.
There’s a Scam For That
One class of attacks is unique to social networks. Yu says that Web surfers make themselves more vulnerable as they continue to download third-party apps, which generally require users to allow software developers access to the information stored on their profile. Whether you download apps to Facebook or to a mobile device, the platform you’re using is liable to explicitly request permission to share your personal data with that developer (e.g., your location for location-based apps).
Many reputable apps will use your information as promised (say, to publish Twitter updates on Facebook). But not all app developers are so honest. The more unscrupulous ones, Yu says, may produce personalized ads that border on spam. In other cases, the apps themselves can be malicious. Yu gives the example of parasitic apps, such as FarmVille Fun Gifts (since removed), which tried to piggyback on the incredibly popular Facebook game FarmVille. The bait was status symbols users couldn’t actually use.
Yu says that even though Facebook members weren’t asked to pay for these useless gifts, the app still deserved to be removed from the service. “The value of that customer base in the hands of someone unethical is amazing,” he said. “Imagine if you had the profile information on millions and decided to sell it or use it for other kinds of advertising, even if it is against the terms of service.”
These pitfalls aside, Yu doesn’t encourage users to become digital hermits. “I don’t think it means people should be Luddites or say, ‘I’m not going to do anything on Facebook,’” he said. Instead, he suggests users research apps before downloading them, reading user reviews and paying attention to details, such as the spelling and grammar on the app’s download page. Question deals that seem too good to be true (think a free villa in Farmville—a conquest that would normally take one million game points to acquire). Finally, users can spread good karma by voting down ads they find intrusive or sketchy. “The number of people who click the dislike button can be far in excess of the actual click-through rate,” Yu said.
Miller, however, warns that downloading apps adds an extra layer of vulnerability for businesses that have already trusted their information (and reputations) with Facebook, MySpace, and Twitter’s servers, as opposed to their own firewalled ones. “All of a sudden they have to trust Facebook or Twitter to protect this information,” he said.
Takeaways
Regardless of where you spend your time online, common sense—whether it means avoiding spam, being choosy about apps, or ignoring minor acquaintances begging for money from exotic locales—will serve you well. That’s especially true on social networks, where the line between ads and editorial, spam and run-of-the-mill viral links, and friends and spammers is often muddled.