The latest VIPRE Report from GFI Labs suggests that 2013 started off as a bad year for social network-based cybercrime attacks. The report, which analysed the ten most prevalent threats detected during the month of January, identified phishing messages on both Twitter and Facebook as well as malicious spam messages disguised as event invites on LinkedIn.
The report identified a substantial upturn in social networking-related phishing, with Twitter, Facebook and LinkedIn all being targeted with a variety of new creative attacks. The situation was not helped by the announcement from Twitter that it had been hacked, resulting in over 250,000 user accounts and passwords being compromised.
LinkedIn, the site that mixes social and business networking to good professional effect, saw business owners in particular being targeted by spammers. The spam emails came in the form of notifications that a supposed employee had sent them an event invitation. Such invitations are not unusual within the LinkedIn networking sphere, but these were malicious in that they redirected to sites distributing malware to exploit unpatched system vulnerabilities.
As far as Twitter users were concerned, GFI Labs uncovered a direct message phishing campaign targeting them. These claimed the user was, somewhat ironically, being targeted by a Twitter user spreading false accusations on 'nasty blogs' and, of course, containing links to those postings. The links sent the victim to a cloned Twitter login screen where account information entered was harvested. The site first sent them to a 404 error message, and then redirected them to the real Twitter login after they had entered their details. Many users would be fooled into thinking it was just a glitch, or a mistyped password, that had caused the problem and think nothing of it until their now compromised accounts were used to spread malware links or spam.
Facebook users were also the targets of spam, in particular messages that claimed they had violated Facebook policies by “annoying or insulting” other users. In order to continue using the social network, the spam messages advised, the victim would have to confirm their account details. The page they were redirected to asked for a security check to be completed, and Facebook account data would then be harvested along with other useful personally identifiable information. This security check even asked for credit card details in order to verify the account, which should have proved to be a huge red flag, but no doubt many innocents were caught out by the scam. Indeed, that's exactly how the phishing message was propagated: by victims' accounts being used to send the same message to their network of Facebook friends.
Christopher Boyd, a senior threat researcher at GFI Software, said: "As the brands of popular social networking sites become more engrained in our culture, their value to cybercriminals looking for new ways to disguise their attack campaigns will only increase. More and more young people entering the workforce think of social networking as a standard part of everyday life. By focusing their efforts on these sites, cybercriminals can increase their chances of fooling a larger number of users to unknowingly download malware onto their PCs and mobile devices. As a result, these users end up providing social network account information that can be used to reach even more potential victims."