Social Networking Can Hurt Your Bank Balance!!!
Social networking sites like Facebook, Bebo and MySpace have soared in popularity over the last few years. They allow users to keep in touch with their friends and make new friends, but they can also expose them to malware and other online danger. As usage of Web 2.0 applications, like blogs, wikis and social networking sites increases, they become more attractive to cyber criminals. Many users of these sites are relatively new to computers and can sometimes be fairly nave regarding online threats.
The threats described in this article have now been countered by site owners, but new ones will appear in future as attackers develop their techniques in response to improved security. The interactive nature of social networking sites allows them to spread threats very quickly, making them attractive targets. Many of these threats exploit the fact that people trust their friends, without realizing that it is important to treat electronic communications with care, no matter who they seem to be from.
As with other aspects of Internet use, threats can be split into two categories: behavior-based and technology-based.
Behavior-Based
Behavior-based threats arise because users are not careful enough about the personal information they put in their online profiles, making themselves vulnerable to identity theft and phishing attacks. Users often publish information about their friends or workmates, their likes and dislikes, their jobs and hobbies without realizing that this information is valuable to identity thieves as it can help them improve their credibility.
Research carried out by IT security company Sophos on a random sample of Facebook users showed that 41% were prepared to divulge personal information like email address, date of birth and phone number to a complete stranger. The research involved creating a fictitious Facebook profile for a green plastic frog named Freddi and sending out 200 friend requests to randomly-chosen users throughout the world. 87 of the users contacted responded and 82 of them supplied personal information, including email addressed, date of birth, details about their education or workplace, address and phone number, as well as photos of friends and family and information about spouses, likes and dislikes and hobbies.
In 2007 Internet Safety website Get Safe Online found that a quarter of UK social networking users had posted confidential personal information, such as their address or phone number on their social networking profiles. 13% of them had posted information or photos of other people online without their knowledge. This figure increased to a worrying 27% among users aged 18-24.
Threats other than phishing can found on social networking websites. Eleven Canadian high school were suspended after making comments about their principal on Facebook when the school imposed a ban on electronic devices and implemented a uniform policy. A school spokesman claimed that the comments constituted cyber-bullying and described them as vulgar and profane.
There have been several allegations that young girls have been raped by older men who encountered them via MySpace or Facebook, but none of these appear to have been conclusively proved. The real issue appears to be that social networking sites can provide an opportunity for men to meet young girls in an unsupervised environment, a situation that parents ought to be very wary of.
Threats Based on Technology
Social networking sites can also be a source of technology-based threats. They allow millions of people to post content, so it’s inevitable that some of these will be malicious individuals attempting to post malware.
At the beginning of 2008 more than three million Facebook users were infected with spyware in less than four days. A widget named “Secret Crush” or “My Admirer” is thought to have been downloaded by one and a half million users. It claimed that it would tell users who had a secret crush on them, but actually tricked them into downloading the infamous Zango spyware, which spread by asking unsuspecting users to forward it to five friends.
Anti-virus vendor Symantec has claimed that vulnerabilities which could be used by hackers to take control of Windows PCs have been found in ActiveX controls offered to users for uploading images to their pages by both Facebook and MySpace. The insecure controls are based on an ActiveX control named Image Uploader, produced by Aurigma Inc.
MySpace was forced to shut down briefly in late 2005 after more than a million users were infected by the Samy worm, written by 19-year old Samy Kamkar. The worm added a million friends to his profile within a few hours, placing the string “but most of all, Samy is my hero” on each of their profiles. Kamkar was eventually sentenced to three years of probation and ordered to perform 90 days of community service.
In January 2008 a 17-gigabyte file containing more than half a million pictures obtained from private MySpace profiles appeared on BitTorrent, a well-known peer-to-peer file sharing service. This is biggest privacy breach to date on a social networking site. It was made possible because a security vulnerability, first reported in Autumn 2007, allowed hackers to access the photo galleries of some MySpace users who had set their profiles to private. This is the default setting for users aged under 16. This attack allowed pedophiles and voyeurs to target vulnerable 14- and 15-year-old users.
In December 2007 users of Google’s Orkut application based in Brazil were attacked by a worm that attempted to hijack their computers and steal their bank account details. The worm spread via booby-trapped links on the personal page of Orkut users and infected further users when they read messages from friends who had already been exposed.
Google quickly closed the loophole which allowed the attack to take place, but another worm, known as Scrapkut appeared early in 2008. Scrapkut was initially thought to be relatively harmless, but it was later discovered that it could intercept the login sessions of a number of Brazilian banking Web sites and replace certain sections with a fake authentication prompt which could capture the users’ logon credentials.
YouTube has also been used indirectly to spread malware. Many Internet users have received spam messages asking them to click on an attached YouTube video clip. However, the link actually takes them to a fake YouTube site where they are told that they need to install Adobe Flash Player to play the video. Clicking the supplied link causes a file called install_flash_player.exe to be downloaded. This is the same name as the real Flash installer, but it actually installs a Trojan known as Trojan-Dropper.W32/Agent.
Countering Threats
We’ve considered some of the dangers that can be found on social networking sites, but what steps can you take to protect yourself against them? Fortunately, most of the technoology-based attacks can be prevented by the usual software defenses, ie: anti-virus software will protect you against viruses, Trojans and worms, anti-spyware programs will protect you against spyware and adware. A good-quality firewall will protect you against hackers and Internet safety suites will protect you against a variety of threats.
Behavior-based attacks, which rely on tricking users into behaving unwisely, are harder to deal with as they can only be tackled by a change in user behavior. Get Safe Online provides a number of guidelines for networking safely, including the following:
Don’t let peer pressure persuade you to do something you’re not happy about.
Avoid publishing information which can identify you, eg: phone numbers, pictures of your home, workplace or school, your address, birthday or full name.
Avoid including personal information in your username, eg: use laughing_boy33, rather than jim_brown.
Set up a throwaway email account (eg: Hotmail or Yahoo) that doesn’t resemble your real name and use that to register and receive mail from the site.
Use a strong password.
Avoid saying anything or publishing pictures that could embarrass you later.
Use the privacy features on the site to restrict strangers’ access to your profile.
Watch out for phishing scams.
If you make sure that your software defenses are strong and up-to-date and you follow the above guidelines you should be able to enjoy social networking without problems.
If you have young children you should ensure that they are not allowed access to the Internet in an unsupervised environment. It’s much better if the computer is in a family area, such as a lounge or dining room, rather than hidden away in a bedroom. Even with older children you should try to keep an eye on their Facebook or MySpace profiles and watch out for any changes in behavior which may suggest that they are encountering online problems.
Social marketing is a new form of advertising that is just starting to become popular. Often social marketing is a favorite of small businesses because it is virtually free although in order to use it to drive traffic to a...
Business Coaches And Professional NetworkingNetworking is a very competitive field in America. Business networking is no simple task. It requires hundreds of complex tasks which can only be performed by highly skilled professionals. There are an untold number of American companies that would simply...
Wireless with Wi Fi Networking AccessibleWireless devices, from PDAs to super-fast laptops, are becoming more and more commonplace not only with business people, but for personal use as well. Wireless networks allow people to be able to easily share files between these different devices and...
Grow Your Business Through Business NetworkingIt is a known fact that there are many people in the world making a good living through their business. And if you want to stay in a business like and making money almost everyday, requires to make sure that...
Social Marketing. The New Tool In Network MarketingIf you stand still, the Internet will blow right past you. It is constantly changing and evolving. The Network Marketers who realize this and stay with the trends will succeed. One such trend that is changing is how people now...