Social networking is highly valued by many people, including regular users who update their "personal" sites with all the details of their comings and goings. Growing accustomed to such World Wide Webizing of their lives brings some of these people great fulfillment. It's true - social networking can be highly addictive. Why? Often, it's for good reasons. Users find it a convenient way to stay in touch with their family and friends. Little thought is given to the consequences of regular use or what could happen if someone fraudulently acquires your login information.
The value of the service, in the eyes of the user, is based upon what the service can do for them. For hackers, scammers, fraudsters and internet thieves, the value is measured by its resale price. According to the article below, based upon research by Trend Micro, the value of the login information for criminal purposes is nothing, maybe not even enough for your favorite Starbucks. Now, that can mean two things (supply and demand). One, the market for login information is slow. Or, two, the information is SO easy to come by that EVERYONE can steal it and does steal it.
APRPEH's previous posts on this subject, Dangers of Social Networking Sites and More Dangers of Social Networking, documented the criminal aspects: what users of login information actually do with it.
Below is a little different angle: the free market for stolen logins.
Facebook hacking increases as logins sold cheaply - SC Magazine UK
Dan Raywood, December 16, 2008
Hackers are stealing Facebook login details and selling them on for just 89p each.
According to research by Trend Micro, logins for MySpace, Skype and online computer games are also sold on to gangs for £1 a time, a set of credit card details is sold for £25 while internet banking logons cost £35 each.
Rik Ferguson, senior security advisor at Trend Micro, told The Sun: “We give away a huge amount of personal information on social networking sites. Hordes of cyber criminals are drawn to them. Whether you're going online to use Facebook, or for banking or Christmas shopping, you should be aware that hacking and identity theft tends to increase at certain times of the year.”
Gary Clark, VP EMEA at SafeNet, said: “Organisations need to take responsibility for their customers, and protect them from anyone looking to exploit a weakness in the system. This could be account details on Facebook, personal financial data used in internet banking, or credit card details disclosed when shopping online. Website owners should be able to guarantee security, or expect people to go elsewhere.
“At the very least, all data must be encrypted. Plus, any sites dealing with financial details need to comply with the appropriate regulations, such as the Payment Card Industry Data Security Standard (PCI DSS). There is nothing we can do to stop the scammers trying their scams, aside from educating users not to fall for them. But when it comes to data, website owners need to up their game and provide the appropriate safety measures.”
Another look from the Daily Mail
Back on December 1 APRPEH posted The Dangers of Social Networking Sites. Since then, I have become aware of other articles besides the one included in my post which assert that 2009 may be the year of the attack on social networking.
As I stated in the December 1 post, I don't believe people will flee from social networking, and if so, expect an increase in infected computers, networks and friends lists. The malware and spyware installations in American computers will continue to contribute to identity theft, increasing the percentage of people who may fall victim to fraud due to computers and the internet. People have long been concerned about becoming a victim of identity theft due to their computer usage, but this has not been, at least until now, one of the primary reasons consumers fall victim. Granted, technology makes the commission of consumer-type fraud easier, but it is usually not the initial source for personal identifying information (PII) being stolen.
What makes infecting computers and, for that matter, identity theft easier on social networking sites is the fact that "networking" is inherently a low-threat, high-trust environment. And even someone inclined to be more security minded will lower their defenses when they perceive that the environment is safe. Such presumptions are the foundation upon which fraud is built. This very same idea is what makes a reasonably well educated adult respond to an email asking for highly personal or sensitive information.
Information you should know
To be successful at spreading malware through disguised links or stealing PII through email phishing, two things must be present:
1) the consumer believes that failure to act will result in a loss, which causes
2) the consumer to lower their defenses or skepticism (or overrule it) and act imprudently. In the case of malware, and of links that would look suspicious in a different environment, the 'failure to act will result in a loss' equation is replaced by an equally strong impulse that 'failure to act will result in not acquiring the perceived benefit'.
Best advice
Watch what you click.
Never reply to an email asking for PII.
Verify with the "friend" any suspicious email asking you to follow a link into their site before clicking.
The email may not have originated from your friend but from malware forwarding messages from an infected friends list.
Too Late to Save Facebook?
A slew of security vendor reports on risks to expect in 2009 point to Facebook, MySpace and other such sites as increasingly tempting targets among hackers looking to dupe people out of their sensitive information. PDF and Flash files, once considered safe, are now a threat as well.
Danger lurks behind social networking
What's the top threat to data security going to be in 2009? According to the GTISC Emerging Cyber Threats Report for 2009 out of Georgia Tech's Information Security Center, the answer is malware specifically disguised as "benign social networking links."
Young workers' use of social networking sites concerns IT staffs
By Steve Johnson
Mercury News.com
Posted: 12/04/2008 12:03:58 PM PST
Social-networking sites such as Facebook and MySpace are being targeted so often by cybercrooks and other mischief-makers that half of the information-technology specialists surveyed recently by Intel expressed concern about workers under 30, who disproportionately use such sites.
Of the 200 corporate and government IT professionals in the United States and Canada who were surveyed, 13 percent said they regard so-called Generation Y employees as "a major security concern," and 37 percent tagged them as "somewhat of a security concern." The biggest worry they mentioned was the tendency of many Gen Yers to frequent social-networking sites like Facebook and MySpace.
Among other problems, the IT executives said employees using such sites may download viruses that wind up on their employer's computers or reveal information about themselves on the networking sites that compromises their employer's business secrets. To prevent such problems, some companies, including Intel, ban their workers' access to social networking sites.
"Their wide-ranging use of the Internet can expose the company to malicious software attacks," said Mike Ferron-Jones, who directs an Intel program that monitors new computing trends. "This is a big deal now, and it's going to get bigger as more Gen Yers come into the workforce."
On the positive side, the IT executives noted that Gen Yers tend to be computer savvy and are brimming with new ideas, which are highly desirable corporate qualities.
MySpace executives didn't respond to a Mercury News request for comment on the report. But Facebook spokesman Barry Schnitt acknowledged that his site has seen increasing cyberassaults.
"The more a site grows, the more it becomes a target of bad guys," he said. Nonetheless, he stressed that Facebook "acts aggressively and proactively to protect our users."
Among other things, Facebook does statistical analysis of how often people send messages to identify scammers targeting large numbers of its users. And while he declined to provide data on how many scams are launched against the site each year, he said "only a very small percentage of users have been impacted by security issues."
Even so, the threat posed by identity thieves, con artists and malevolent hackers is considerable and growing, other experts have concluded.
On Tuesday, cybercrime specialists at the security software company McAfee in Santa Clara said they had discovered a link for a movie posted on Facebook. After the link is clicked, a so-called worm detours the user's Internet searches to certain Web-based ads, according to McAfee threat researcher Craig Shmugar.
McAfee's list of top 12 Christmas scams also warns that people on some social-networking sites have been receiving messages that say "You've got a new friend." When clicked, the messages download software that steals their financial information.
Increasing numbers of employees access social-networking sites at their job or while using a personal computer linked to work. And the problems they encounter on those sites can turn into big headaches for their employers, according to experts.
In a study earlier this year, security firm Sophos said, "Organizations are facing the dual concerns of social-networking Web sites causing productivity issues by distracting employees from their work" as well as viruses or other malicious computer code "being introduced to the workplace."
Sophos warned employers to be particularly wary of the common tendency of people to use the same password for every site they access. If a crook successfully guesses the person's social-network password, the study said, "They may well be guessing it for the company network, too."
Users of social-networking sites tend to be unusually trusting and willing to share information, said Scott Mitic, chief executive of TrustedID in Redwood City, which offers identity-theft protection services. While they would never dream of leaving their trash cans out when going on vacation, they often seem unconcerned about revealing details of planned trips on social-networking sites.
"I can tell you right now of my friends on Facebook whose house I should be breaking into," he said. "I know who's in Russia now. I know who's on a business trip to L.A."
Because some of Intel's computer chips can block viruses and other security threats, the company may be able to use the research to promote its technology, said Ferron-Jones. But he added that Intel — like other companies — also benefits from its employees using sites like Facebook to confer with customers or business associates.
That poses a big dilemma for businesses grappling with the social-networking phenomenon, he said, adding, "how do you harness all of the good, but avoid the bad?"
Spear Phishing: A Targeted Attack
Posted August 13th at 12:01 pm
from Flying Hamster
One of the common, well known attempts at identity theft is phishing. You may have received email asking you to do things like verify your PayPal account or your eBay account. The criminals are casting a wide ‘net’ with broadcast spam to see who will respond. Playing the numbers game, if enough spam is sent out, someone will make the error and carelessly give up their personal information.
Spear phishing is not broad spectrum spamming. It is very specific and targeted. For example, if you received an email from someone from your tech support services asking to confirm your security code, would you do it? The email is addressed directly to you and has your name in the text of the note. A glance at the email address shows that it is a company email. If you send back your security code or password, you may have been ‘phished’ - specifically, you have been ‘spear phished’. You were targeted.
Email addresses can be spoofed. And the mention of your name in the text is just social engineering. It is to manipulate you into feeling secure and giving up the information. Obviously, in business, the senior management has access to the sensitive data. One breach there could mean a security problem involving hundreds, perhaps thousands, of files containing information for a staggering number of identity thefts.
The spear phishing is not limited to businesses. It can happen to anyone. An example is the recurring jury duty scam. In this ploy someone may call or write and tell you that you have been negligent in performing your jury duties. You may reply that you did not receive any notification. The hacker then asks you for your social security number to confirm that the documents are indeed yours. And you can guess the rest… it’s spear phishing on a smaller scale.
Obviously, the precaution is to check before giving out any sensitive information. Check thoroughly and then check again. And even then, you may want to say ‘no’…
Catherine Forsythe
Just because it looks and sounds real doesn't mean that it is. If you are uncertain as to the truthfulness of an email contact or a mix of email and telephone contacts, do your own research. Do an internet search for the organization or entity and follow up based upon the contact information that you discover. Check out Rip Off Report. This is a great resource which helps unsuspecting consumers make decisions about suspicious emails or offers.
Another good resource is Fraud Watch International.
Above all, use good judgement. If need be, please respond to this blog on this post and I will take a look at the information you have submitted. While I cannot always be 100% accurate, I will do my best.
IRS employees get phished - and fall for it….
From Privacy and Identity Theft, a blog by Dave Jevans
By now you’ve been adequately warned against IRS phishing scams circulating the Internet. The APWG and other groups have warned consumers about fake emails pretending to be from the IRS, for example saying that you have an online refund pending.
Now we have news that the Treasury Department’s Inspector General for the Tax Administration launched a test to see how well IRS employees themselves manage their own passwords.
Instead of email, they simply called 102 IRS employees and asked them for their password. 61 complied with the request.
Uh,
Uhm,
IRS phishing scams and fraud scams are real. The IRS doing the scamming is not so common.
What Words Offend Arabs? The Truth.
Children's Poetry Booklet Recalled After Arabs Complain
(Israeli censorship kowtows to Arabs.
When Will We Tell The Truth Without Fear)
(IsraelNN.com 7 Sivan 5768/June 10, '08) Ynet's web site and Arab complaints against a ten-year-old boy's poem about terrorists has resulted in the recall of all of the Nes Ziona municipality's children's poetry booklets.
Ynet boasts that its coverage of the poem resulted in its being recalled.
The text of the poem (Ynet's translation):
Ahmed's bunker has surprises galore: Grenades, rifles are hung on the wall. Ahmed is planning another bombing! What a bunker Ahmed has, who causes daily harm. Ahmed knows how to make a bomb. Ahmed is Ahmed, that's who he is, so don't forget to be careful of him. We get blasted while they have a blast! Ahmed and his friends could be wealthy and sunny, if only they wouldn't buy rockets with all their money.
Poetry competition director Marika Berkowitz, who published the booklet, was surprised at the protests and told Ynet: "This is the boy's creation and this is what he wanted to express. Of course there should be a limit, but I think there is no racism here. 'Ahmed' is a general term for the enemy. These are the murmurings of an innocent child."
The Education Ministry told Ynet: "The local authority that published the booklet should have guided the students in a more correct manner through the schools. The district will investigate the issue with the local authorities."