There’s no denying it: social networking sites have changed the way we communicate with friends and family and they’re here to stay. Unfortunately, the growing range of sites and number of people using them present cybercriminals with new ways to attack.
Symantec research shows that the majority of cybercrime attacks happen through legitimate websites that have been compromised by attackers – the victim is unaware that while they are on a ‘normal’ looking website, they are, in fact, exposed to malicious content often placed in ‘poisoned’ adverts which download malware simply when viewed.
Symantec has also seen spam attacks claiming to be e-mail messages from social networking sites, which prompt the recipient to download a new video player before viewing a new “adult” video. The “video player” turns out to be malicious code. This same technique could well be used with “football” content, so be on your guard.
Twitter landed in the news when it was hit with a phishing attack. Hackers created fake Twitter accounts and followed legitimate Twitter users. If you use Twitter, you’ll know that the site notifies you when you have a new follower by sending you a link to the follower's Twitter profile page. In this case, the profile page contained a link to a phishing site meaning that a user investigating a new follower ended up on a fake site and was asked to enter a username and password. Once the phishers obtained their victim’s login credentials, they used them to launch another round of attacks.
What can you do to protect yourself?
Update your privacy settings on social networking sites: scammers can’t find you so easily.
Look out for scams such as: Facebook and Twitter messages relating to football news, pleas for money from Facebook “friends” and unsolicited invitations to join online groups or view videos.
Never disclose confidential personal or financial information unless you are sure that the request is legitimate.