Smart Spending

Latest social media app: ID theft

Antivirus software companies predict a breakthrough year for hacker attacks via social-networking sites.

By Karen Datko Mar 3, 2010 10:47AM

This post comes from Jabulani Leffall at partner blog Wise Bread.


In the last few months you've probably been bombarded with things to watch for in 2010: ways to save, what the best vacation destinations are, who's hot and who's not -- you know, important stuff.


You may wish to share some of this stuff via a social-networking site: Facebook, Twitter, LinkedIn, MySpace -- you know, the important sites.


These sites are actually important because millions of people use them. And millions, such as yourself, will be vulnerable to scams, trickery and tomfoolery that will at best lead to some embarrassing hijacking of your page or computer and, at worst, help a hacker drill down into what in the data-protection world is called PII, or personally identifiable information. We've covered a little bit of that at this blog but never enough.


Allow me to pose this question: Would you walk into a dark alley that says "Check out this really cool video of you and your friends"? Would you trust a Bobby D.-like character who says, "I got some nice dresses for ya, right around the corner if you walk into that alley"? Would you walk into that alley with your ID in hand, brandished for all to see?


Of course not. You are, after all, kind of sane. I mean you're reading this, aren't you?

Yet many people want to check out those cool videos and see which designer dresses Bobby Digital has for them every time they log on. Sure, they've skipped the real dark alley, but only to do the exact same thing digitally on Facebook, et al., every single day.


This is why antivirus software firms McAfee (.pdf file) and Symantec (.pdf file) see 2010 as a breakthrough year for social media sites -- a breakthrough in terms of them being attacked by hackers.


What's alarming, if not brow-raising, is that most of the hacks on your favorite social portals for posting, partying, pandering, pithiness, and persiflage will take place because you or someone you know walked into that dark digital alley in search of fun, out of curiosity or through plain carelessness.

“Mostly it's the users in an individual or small-business environment through carelessness,” said David Bloom, a Los Angeles-based consultant specializing in social media. “Like Pogo said, ‘We have met the enemy, and it is us.’”


Indeed, most hacker intrusions count on curious users they can snare by simply having the users click on Web links or log in via fake Web pages that look like the home pages of the most popular social media destinations.


Spoofing, for instance, involves hackers sending you phony alerts or messages supposedly from your friends, or in the case of Twitter, followers. Once you click on them there’s the possibility of being rerouted to malicious sites or triggering automated viruses or remote code execution, which gives a hacker control of your browsing session.


Phishing, meanwhile, also counts on user participation but usually employs more familiar subject matter as bait. Users might get an “emergency” message, or a “video of you” from a friend. Another method is a fake error message from your social-networking site requiring your action.


With phishing, users are most often lured into clicking on a spoofed link or page such as a fake Web page that looks like the home page of a trusted Web site -- i.e., Facebook -- where users unwittingly type in login information or click on page links.


By extension, links are becoming an important component of social-networking security. Recently the heavy use of condensed URLs or Web addresses (tinyurl and to post links on Twitter and Facebook has made it easier to access or cut and paste into a Web browser. On the flip side, the URL shorteners can also make it nearly impossible to identify the domain of origin. This increases chances of clicking on a spoofed or malicious link. Also, URL shorteners can help spammers evade spam filters installed on personal computers.
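One way to triage links before clicking, shown as an added example that is not part of the original article: it looks only at the host a link really points to, flagging shortened links (destination hidden) and hosts that borrow a trusted site's name. The trusted list is the four sites the article names; the shortener entries other than tinyurl, the function names and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Sites named in the article, treated here as the trusted set (assumption).
TRUSTED = {"facebook.com", "twitter.com", "linkedin.com", "myspace.com"}
# tinyurl is named in the article; the other entries are assumed additions.
SHORTENERS = {"tinyurl.com", "bit.ly", "t.co"}
BRANDS = {d.split(".")[0] for d in TRUSTED}


def _matches(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def classify_link(url):
    """Return 'trusted', 'shortened', 'lookalike' or 'unknown' for a link."""
    try:
        parts = urlsplit(url if "://" in url else "http://" + url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "unknown"
    if not host:
        return "unknown"
    # Text before '@' is userinfo, not the destination host.
    userinfo = parts.netloc.rpartition("@")[0].lower()
    if _matches(host, SHORTENERS):
        return "shortened"   # the domain of origin is hidden until expanded
    if _matches(host, TRUSTED):
        return "trusted"
    # A brand name in a host we do not trust suggests a spoofed page.
    # Limitation: character swaps such as 0 for o are not detected.
    if any(b in host or b in userinfo for b in BRANDS):
        return "lookalike"
    return "unknown"


# Constructed sample links, not taken from any real message.
SAMPLES = [
    "https://www.facebook.com/login.php",
    "http://tinyurl.com/abc123",
    "http://facebook.com.account-check.example/login",
    "http://twitter.com@198.51.100.7/",
    "http://example.org/news",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```

A "shortened" result means the real destination cannot be judged from the link text alone; an "unknown" result is not a verdict of safety.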


“Whether it’s tinyurl or technology, users are getting into the habit of clicking links that they don’t know or trust,” says Corey Thomas, vice president of product and operations for IT security firm Rapid7. “This makes it much easier for a hacker to hijack the target’s system. The most important thing in a situation like this is letting users know the potential risks of tiny URLs and that they should not be clicked on unless absolutely necessary.”


Someone can easily tweet this blog and shorten the URL from Wise Bread to something that looks like an algebra equation and, bam, you now have "nice dresses."


So, remember that as you give status updates on where you are and what size shoes you're wearing while sitting there, people, perhaps even the wrong people, will be watching and waiting.




Copyright © 2014 Microsoft. All rights reserved.
