
The latest VIPRE Report from GFI Labs suggests that 2013 started off as a bad year for social network-based cybercrime attacks. The report, which analysed the ten most prevalent threats detected during the month of January, identified phishing messages on both Twitter and Facebook as well as malicious spam messages disguised as event invites on LinkedIn.

The report identified a substantial upturn in social networking-related phishing, with Twitter, Facebook and LinkedIn all targeted by a variety of new and creative attacks. The situation was not helped by Twitter's own announcement that it had been hacked, with the account details and passwords of some 250,000 users potentially compromised and, in effect, handing attackers a ready-made pool of credentials and victims to work with.

LinkedIn, the site that mixes social and business networking to good professional effect, saw business owners in particular being targeted by spammers. The spam emails took the form of notifications that a supposed employee had sent them an event invitation. Such invitations are routine on LinkedIn, which is exactly what made the lure work; these, however, were malicious, redirecting the recipient to sites that distributed malware by exploiting unpatched vulnerabilities on the visitor's system. The notification itself looked unremarkable; the only tell was where the link actually led.

As far as Twitter users were concerned, GFI Labs uncovered a direct message phishing campaign targeting them. The messages claimed, somewhat ironically, that the recipient was being targeted by another Twitter user spreading false accusations on 'nasty blogs', and of course included links to those supposed postings. The links led instead to a cloned Twitter login screen that harvested whatever account details were entered. Once the victim had submitted their credentials, the site showed them a 404 error message and then redirected them to the real Twitter login. Many users would put this down to a glitch, or a mistyped password, and think nothing of it until their now-compromised accounts were used to spread malware links or spam.

Facebook users were also targeted by spam, in particular a message claiming they had violated Facebook policies by “annoying or insulting” other users. In order to continue using the social network, the message advised, the victim would have to confirm their account details. The page they were redirected to asked them to complete a 'security check', which harvested their Facebook account data along with other useful personally identifiable information. This security check even asked for credit card details in order to 'verify' the account, which should have been a huge red flag, but no doubt many innocents were caught out by the scam. Indeed, that is exactly how the phishing message propagated: compromised accounts were used to send the same message to each victim's network of Facebook friends.
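All three campaigns above share one weak point for the attacker: the message carries the brand's name, but its links must point somewhere the brand does not control. The following is an added example, not code from the article or from GFI Labs, showing the link check a mail or DM filter can apply before a user ever sees the message. The sample messages and the hostnames in them are constructed for illustration, and the list of legitimate domains per brand is an assumption (only the apex domains listed and their subdomains are treated as genuine).

```python
"""Flag social-network notifications whose links do not lead to the brand
they claim to come from. Added example; the messages and hostnames below
are constructed, not taken from the report."""
import re
from urllib.parse import urlsplit

# Assumption: these apex domains (and their subdomains) are the only
# legitimate link targets for each brand named in the article.
BRAND_DOMAINS = {
    "twitter": ("twitter.com", "t.co"),
    "facebook": ("facebook.com", "fb.com"),
    "linkedin": ("linkedin.com",),
}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Digit-for-letter swaps commonly used in look-alike hostnames ("faceb00k").
_HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e",
                             "4": "a", "5": "s", "7": "t"})


def _belongs_to(host: str, domain: str) -> bool:
    """True when host is domain itself or a subdomain of it.

    A naive `domain in host` test would accept 'twitter.com.example.net',
    which is exactly the trick a cloned-login page relies on."""
    return host == domain or host.endswith("." + domain)


def classify_link(url: str, brand: str) -> str:
    """Return 'legit', 'lookalike' or 'foreign' for one link in a message
    that claims to come from `brand`."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if any(_belongs_to(host, d) for d in BRAND_DOMAINS[brand]):
        return "legit"
    # Brand name present on a domain the brand does not own: deceptive
    # prefix ('twitter.com.<attacker>'), brand baked into the hostname
    # ('linkedin-events.<attacker>'), or digit substitution ('faceb00k').
    if brand in host or brand in host.translate(_HOMOGLYPHS):
        return "lookalike"
    return "foreign"


def scan_message(text: str, brand: str) -> dict:
    """Classify every link in a message and say whether to flag it.
    Any link that is not 'legit' is enough to flag the message."""
    verdicts = {url: classify_link(url, brand) for url in URL_RE.findall(text)}
    return {"brand": brand, "links": verdicts,
            "flagged": any(v != "legit" for v in verdicts.values())}


# Constructed samples modelled on the three campaigns described above,
# plus one genuine-looking notification for contrast.
SAMPLES = [
    ("twitter", "someone is spreading nasty blogs about you "
                "http://twitter.com.login-check.example/verify"),
    ("linkedin", "John Smith has invited you to an event: "
                 "http://linkedin-events.example/invite/9182"),
    ("facebook", "Your account violated our policies. Confirm at "
                 "http://faceb00k-security.example/check"),
    ("twitter", "Your password was changed. Review at "
                "https://help.twitter.com/safety"),
]

if __name__ == "__main__":
    for brand, text in SAMPLES:
        result = scan_message(text, brand)
        print("FLAG" if result["flagged"] else "ok  ", brand, result["links"])
```

The suffix test in `_belongs_to` is the part worth copying: matching on "contains the brand name" is how the cloned-login and event-invite lures get past both users and careless filters, and the first three samples are caught only because the hostname is compared against the apex domain as a whole.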

Christopher Boyd, a senior threat researcher at GFI Software, said "as the brands of popular social networking sites become more ingrained in our culture, their value to cybercriminals looking for new ways to disguise their attack campaigns will only increase. More and more young people entering the workforce think of social networking as a standard part of everyday life. By focusing their efforts on these sites, cybercriminals can increase their chances of fooling a larger number of users to unknowingly download malware onto their PCs and mobile devices. As a result, these users end up providing social network account information that can be used to reach even more potential victims."


As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.


Based on the article you wrote, there's no solution yet (a solid solution, I mean).


Internet security software that flags malicious URLs, along with decent AV protection, helps to mitigate the risk of these kinds of threats. But other than the usual 'be wary' advice to end users (don't take everything at face value, don't automatically invest trust in your network of friends, don't click on crap, don't be a mug etc etc) there's not much that can be done, no.


...says the chap with the sig full of links to ticket sales.

You are wrong: the kind of posts referenced in my article are not just advertising. Many are malicious in that they end up redirecting the victim to a site which distributes malware and can often install it via a drive-by exploit kit.


Any time you have programs that attract billions of people, you will have fraudulent and dishonest people trying to take advantage of the masses. It's just the nature of the beast.


I have also heard that the next update Google is going to announce is most probably about social networking site spamming. I don't know how much truth there is behind this news; after reading this thread, it is discussable.


You have just reminded me of the history of SEO in 2012. That was really a bad year for SEO personnel. Scammers always target the famous places to spread their spam. But Google is much more restrictive now. Scamming is not easy today. But you have posted a great thread which is very informative.

Thanks & Regards


I think that simply allows you to minimize the chance of these types of risks. But other than the regular ways, or simple guidance to end customers (don't really believe in your system of buddies, don't simply click junk, don't be a mug, etc.), there's really not much that can be done.


Yeah, it was really a bad year for SEO personnel, and compared to the existing work year it was a bit of a halt.
