Back on December 1 APRPEH posted The Dangers of Social Networking Sites. Since then, I have become aware of other articles besides the one included in my post which assert that 2009 may be the year of the attack on social networking.
As I stated in the December 1 post, I don't believe people will flee from social networking, and if so, expect an increase in infected computers, networks and friends lists. The malware and spyware installations in American computers will continue to contribute to identity theft, increasing the percentage of people who may fall victim to fraud due to computers and the internet. People have long been concerned about becoming a victim of identity theft due to their computer usage, but this has not been, at least until now, one of the primary reasons consumers fall victim. Granted, technology makes the commission of consumer-type fraud easier but is usually not the initial source for personal identifying information (PII) being stolen.
What makes infecting computers, and for that matter identity theft, easier on social networking sites is the fact that "networking" inherently is a low-threat, high-trust environment. And even someone inclined to be more security-minded will lower their defenses when they perceive that the environment is safe. Such presumptions are the foundation upon which fraud is built. This very same idea is what makes a reasonably well-educated adult respond to an email asking for highly personal or sensitive information.
Information you should know
In order to be successful at spreading malware through disguised links or stealing PII through email phishing, two things must be present:
1) the consumer believes that failure to act will result in a loss, which causes
2) the consumer to lower their defenses or skepticism (or overrule it) and act imprudently. In the case of malware and what should be suspicious links in a different environment, the 'failure to act will result in a loss' equation is replaced by an equally strong impulse that 'failure to act will result in not acquiring the perceived benefit'.
Watch what you click.
Never reply to an email asking for PII.
Verify with the "friend" any suspicious email asking you to follow a link into their site before clicking.
The email may not have originated from your friend but from malware forwarding messages from an infected friends list.
Too Late to Save Facebook?
A slew of security vendor reports on risks to expect in 2009 point to Facebook, Myspace and other such sites as increasingly tempting targets among hackers looking to dupe people out of their sensitive information. PDF and Flash files, once considered safe, are now a threat as well.
Danger lurks behind social networking
What's the top threat to data security going to be in 2009? According to the GTISC Emerging Cyber Threats Report for 2009 out of Georgia Tech's Information Security Center, the answer is malware specifically disguised as "benign social networking links."
Young workers' use of social networking sites concerns IT staffs
By Steve Johnson
Posted: 12/04/2008 12:03:58 PM PST
Social-networking sites such as Facebook and MySpace are being targeted so often by cybercrooks and other mischief-makers that half of the information-technology specialists surveyed recently by Intel expressed concern about workers under 30, who disproportionately use such sites.
Of the 200 corporate and government IT professionals in the United States and Canada who were surveyed, 13 percent said they regard so-called Generation Y employees as "a major security concern," and 37 percent tagged them as "somewhat of a security concern." The biggest worry they mentioned was the tendency of many Gen Yers to frequent social-networking sites like Facebook and MySpace.
Among other problems, the IT executives said employees using such sites may download viruses that wind up on their employer's computers or reveal information about themselves on the networking sites that compromises their employer's business secrets. To prevent such problems, some companies, including Intel, ban their workers' access to social networking sites.
"Their wide-ranging use of the Internet can expose the company to malicious software attacks," said Mike Ferron-Jones, who directs an Intel program that monitors new computing trends. "This is a big deal now, and it's going to get bigger as more Gen Yers come into the workforce."
On the positive side, the IT executives noted that Gen Yers tend to be computer savvy and are brimming with new ideas, which are highly desirable corporate qualities.
MySpace executives didn't respond to a Mercury News request for comment on the report. But Facebook spokesman Barry Schnitt acknowledged that his site has seen increasing cyberassaults.
"The more a site grows, the more it becomes a target of bad guys," he said. Nonetheless, he stressed that Facebook "acts aggressively and proactively to protect our users."
Among other things, Facebook does statistical analysis of how often people send messages to identify scammers targeting large numbers of its users. And while he declined to provide data on how many scams are launched against the site each year, he said "only a very small percentage of users have been impacted by security issues."
Even so, the threat posed by identity thieves, con artists and malevolent hackers is considerable and growing, other experts have concluded.
On Tuesday, cybercrime specialists at the security software company McAfee in Santa Clara said they had discovered a link for a movie posted on Facebook. After the link is clicked, a so-called worm detours the user's Internet searches to certain Web-based ads, according to McAfee threat researcher Craig Schmugar.
McAfee's list of top 12 Christmas scams also warns that people on some social-networking sites have been receiving messages that say "You've got a new friend." When clicked, the messages download software that steals their financial information.
Increasing numbers of employees access social-networking sites at their job or while using a personal computer linked to work. And the problems they encounter on those sites can turn into big headaches for their employers, according to experts.
In a study earlier this year, security firm Sophos said, "Organizations are facing the dual concerns of social-networking Web sites causing productivity issues by distracting employees from their work" as well as viruses or other malicious computer code "being introduced to the workplace."
Sophos warned employers to be particularly wary of the common tendency of people to use the same password for every site they access. If a crook successfully guesses the person's social-network password, the study said, "They may well be guessing it for the company network, too."
Users of social-networking sites tend to be unusually trusting and willing to share information, said Scott Mitic, chief executive of TrustedID in Redwood City, which offers identity-theft protection services. While they would never dream of leaving their trash cans out when going on vacation, they often seem unconcerned about revealing details of planned trips on social-networking sites.
"I can tell you right now of my friends on Facebook whose house I should be breaking into," he said. "I know who's in Russia now. I know who's on a business trip to L.A."
Because some of Intel's computer chips can block viruses and other security threats, the company may be able to use the research to promote its technology, said Ferron-Jones. But he added that Intel — like other companies — also benefits from its employees using sites like Facebook to confer with customers or business associates.
That poses a big dilemma for businesses grappling with the social-networking phenomenon, he said, adding, "how do you harness all of the good, but avoid the bad?"