Scammers target Facebook, LinkedIn and Twitter

happygeek

The latest VIPRE Report from GFI Labs suggests that 2013 started off as a bad year for social network-based cybercrime attacks. The report, which analysed the ten most prevalent threats detected during the month of January, identified phishing messages on both Twitter and Facebook as well as malicious spam messages disguised as event invites on LinkedIn.

The report identified a substantial upturn in social networking-related phishing, with Twitter, Facebook and LinkedIn all being targeted with a variety of new creative attacks, a situation not helped by the announcement from Twitter that it had been hacked, resulting in over 250,000 user accounts and passwords being compromised.

LinkedIn, the site that mixes social and business networking to good professional effect, saw business owners in particular being targeted by spammers. The spam emails came in the form of notifications that a supposed employee had sent them an event invitation. Not unusual within the LinkedIn networking sphere, but these were malicious in that they redirected to sites distributing malware to exploit unpatched system vulnerabilities.

As far as Twitter users were concerned, GFI Labs uncovered a direct message phishing campaign targeting them. These claimed the user was, somewhat ironically, being targeted by a Twitter user spreading false accusations on 'nasty blogs' and, of course, containing links to those postings. The links sent the victim to a cloned Twitter login screen where account information entered was harvested. The site first sent them to a 404 error message, and then redirected them to the real Twitter login after they had entered their details. Many users would be fooled into thinking it was just a glitch, or a mistyped password, that had caused the problem and think nothing of it until their now compromised accounts were used to spread malware links or spam.

Facebook users were also the targets of spam, in particular one that claimed they had violated Facebook policies by “annoying or insulting” other users. In order to continue using the social network, the spam messages advised, the victim would have to confirm their account details. The page they were redirected to asked for a security check to be completed, and Facebook account data would then be harvested along with other useful personally identifiable information. This security check even asked for credit card details in order to verify the account, which should have proved to be a huge red flag but no doubt many innocents were caught out by the scam. Indeed, that's exactly how the phishing message was propagated, by victims' accounts being used to send the same message to their network of Facebook friends.

Christopher Boyd, a senior threat researcher at GFI Software, said "as the brands of popular social networking sites become more engrained in our culture, their value to cybercriminals looking for new ways to disguise their attack campaigns will only increase. More and more young people entering the workforce think of social networking as a standard part of everyday life. By focusing their efforts on these sites, cybercriminals can increase their chances of fooling a larger number of users to unknowingly download malware onto their PCs and mobile devices. As a result, these users end up providing social network account information that can be used to reach even more potential victims."
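The Twitter campaign described above leaves a recognisable trace in web proxy logs: a form POST to a host that is not Twitter, followed moments later by the same client loading the genuine login page. The sketch below is an added example, not part of the original article or the GFI report; the log format, the `/login` path, the 60-second window and the `.example` hostnames are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

REAL_HOST = "twitter.com"          # brand domain being impersonated
LOGIN_PATHS = {"/login"}           # assumed path of the genuine login page
WINDOW = timedelta(seconds=60)     # assumed max gap between POST and bounce

# Constructed proxy log lines: time client method host path status
SAMPLE_LOG = """\
2013-01-15T09:00:01 10.0.0.5 GET twitter-verify.example /login 200
2013-01-15T09:00:20 10.0.0.5 POST twitter-verify.example /login 404
2013-01-15T09:00:23 10.0.0.5 GET twitter.com /login 200
2013-01-15T09:05:00 10.0.0.7 POST twitter.com /sessions 302
2013-01-15T09:05:01 10.0.0.7 GET twitter.com / 200
2013-01-15T09:10:00 10.0.0.9 POST forum.example /post 200
2013-01-15T09:30:00 10.0.0.9 GET twitter.com /login 200
"""

def parse(line):
    ts, client, method, host, path, status = line.split()
    return {"ts": datetime.fromisoformat(ts), "client": client,
            "method": method, "host": host.lower(), "path": path,
            "status": int(status)}

def is_real_host(host):
    # Exact match or a true subdomain; "twitter.com.evil.example" does not pass.
    return host == REAL_HOST or host.endswith("." + REAL_HOST)

def find_bounces(log_text):
    """Return (client, suspect_host, post_time) for each POST to a non-brand
    host followed within WINDOW by the same client loading the real login."""
    events = [parse(l) for l in log_text.splitlines() if l.strip()]
    pending = {}                   # client -> most recent off-brand POST
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["method"] == "POST" and not is_real_host(ev["host"]):
            pending[ev["client"]] = ev
        elif (ev["method"] == "GET" and is_real_host(ev["host"])
              and ev["path"] in LOGIN_PATHS):
            post = pending.pop(ev["client"], None)
            if post and ev["ts"] - post["ts"] <= WINDOW:
                hits.append((ev["client"], post["host"],
                             post["ts"].isoformat()))
    return hits

if __name__ == "__main__":
    for hit in find_bounces(SAMPLE_LOG):
        print("possible credential bounce:", hit)
```

The match is a triage signal rather than a verdict: any hit identifies an account whose password should be reset and a host worth adding to the URL blocklist.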

LastMitch

Based on the article you wrote, there's no solution yet (a solid solution, I mean).

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Internet security software that flags malicious URLs, along with decent AV protection, helps to mitigate the risk of these kinds of threats. But other than the usual 'be wary' advice to end users (don't take everything at face value, don't automatically invest trust in your network of friends, don't click on crap, don't be a mug etc etc) there's not much that can be done, no.

LastMitch

I think that's good enough.

halenmartinez 0 Junior Poster in Training

These kinds of posts are only for advertisement purposes... let us ignore it.

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

...says the chap with the sig full of links to ticket sales.

You are wrong, the kind of posts referenced in my article are not just advertising, many are malicious in that they end up redirecting the victim to a site which distributes malware and can often install it via a drive-by exploit kit.

SJaved7 0 Junior Poster in Training

Nice, informative post. I really enjoy it.

queenbearn 0 Newbie Poster

Any time you have programs that attract billions of people, you will have fraudulent and dishonest people trying to take advantage of the masses. It's just the nature of the beast.

halenmartinez 0 Junior Poster in Training

I have also heard the next update that Google is going to announce is most probably most the social networking site spamming. Don't know how much truth is behind this news; after reading this thread, this is discussable.

anselcary 0 Newbie Poster

Truly a source of a bundle of information. I really enjoy it.

Kristinakathy 0 Newbie Poster

You have just reminded me of the history of SEO in 2012. That was really a bad year for SEO personnel. Scammers always target the famous place to spread their spamming. But Google is too much restricted now. Scam is not easy today. But you have posted a great thread which is very informative.

Thanks & Regards

joanniecanchola 11 Light Poster

Ya, that's a nice one written.

charlijoseph 0 Newbie Poster

Thanks for sharing this information with us.

JasonJamie 0 Newbie Poster

I think that simply just allows to minimize the chance of these types of risks. But other than the regular ways or simple guidance to end customers but I don't really believe in your system of buddies, don't simply just click junk, don't be a mug etc there's really not much that can be done.

JasonJamie 0 Newbie Poster

Yeah, it was really a bad year for SEO personnel and as compared to the existing work year it was a bit of a halt.

expensetracker 0 Newbie Poster

I don't think spammers really do harm to Facebook, LinkedIn and Twitter.
