Latest social media app: ID theft
Antivirus software companies predict a breakthrough year for hacker attacks via social-networking sites.
In the last few months you've probably been bombarded with things to watch for in 2010: ways to save, what the best vacation destinations are, who's hot and who's not -- you know, important stuff.
These sites are actually important because millions of people use them. And millions, such as yourself, will be vulnerable to scams, trickery and tomfoolery that will at best lead to some embarrassing hijacking of your page or computer and, at worst, help a hacker drill down into what in the data-protection world is called PII, or personally identifiable information. We've covered a little bit of that at this blog but never enough.
Allow me to pose this question: Would you walk into a dark alley that says "Check out this really cool video of you and your friends"? Would you trust a Bobby D.-like character who says, "I got some nice dresses for ya, right around the corner if you walk into that alley"? Would you walk into that alley with your ID in hand, brandished for all to see?
Of course not. You are, after all, kind of sane. I mean you're reading this, aren't you?
Yet many people want to check out those cool videos and see which designer dresses Bobby Digital has for them every time they log on. Sure, they'd skip the real dark alley, but only to do the exact same thing digitally on Facebook, et al., every single day.
What's alarming, if not brow-raising, is that most of the hacks on your favorite social portals for posting, partying, pandering, pithiness, and persiflage will take place because you or someone you know walked into that dark digital alley in search of fun, out of curiosity or just plain carelessness.
“Mostly it's the users in an individual or small-business environment through carelessness,” said David Bloom, a Los Angeles-based consultant specializing in social media. “Like Pogo said, ‘We have met the enemy, and it is us.’”
Indeed, most hacker intrusions count on curious users they can snare by simply having the users click on Web links or log in via fake Web pages that look like the home pages of the most popular social media destinations.
Spoofing, for instance, involves hackers sending you phony alerts or messages supposedly from your friends, or in the case of Twitter, followers. Once you click on them there’s the possibility of being rerouted to malicious sites or triggering automated viruses or remote code execution, which gives a hacker control of your browsing session.
Phishing, meanwhile, also counts on user participation but usually employs more familiar subject matter as bait. Users might get an “emergency” message, or a “video of you” from a friend. Another method is a fake error message from your social-networking site requiring your action.
With phishing, users are most often lured into clicking on a spoofed link or page, such as a fake Web page that looks like the home page of a trusted Web site -- e.g., Facebook -- where users unwittingly type in login information or click on page links.
By extension, links are becoming an important component of social-networking security. Recently the heavy use of condensed URLs or Web addresses (tinyurl and bit.ly) to post links on Twitter and Facebook has made links easier to access or to cut and paste into a Web browser. On the flip side, URL shorteners can also make it nearly impossible to identify the domain of origin, which increases the chances of clicking on a spoofed or malicious link. URL shorteners can also help spammers evade spam filters installed on personal computers.
“Whether it’s tinyurl or bit.ly technology, users are getting into the habit of clicking links that they don’t know or trust,” says Corey Thomas, vice president of product and operations for IT security firm Rapid7. “This makes it much easier for a hacker to hijack the target’s system. The most important thing in a situation like this is letting users know the potential risks of tiny URLs and that they should not be clicked on unless absolutely necessary.”
Someone can easily tweet this blog and shorten the URL from Wise Bread to something that looks like an algebra equation and, bam, you now have "nice dresses."
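An added example, not part of the original article: a Python sketch of how a mail or link filter can recover the real destination behind a shortened link and check whether it belongs to the site it claims to be. The redirect table, the `example.test` hosts and the `fake_fetch` helper are constructed so the code runs offline; in real use `fetch_location` is assumed to issue an HTTP HEAD request with redirects disabled and return the `Location` header.

```python
from urllib.parse import urlsplit, urljoin

SHORTENERS = {"tinyurl.com", "bit.ly"}  # the two services named in the article
MAX_HOPS = 5

def host_of(url):
    """Host the browser really contacts (anything before '@' is ignored)."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def belongs_to(url, trusted_domain):
    """True only if the host is the trusted domain or one of its subdomains."""
    host = host_of(url)
    return host == trusted_domain or host.endswith("." + trusted_domain)

def expand(url, fetch_location):
    """Follow redirects hop by hop without rendering any page."""
    chain = [url]
    while len(chain) <= MAX_HOPS:
        nxt = fetch_location(chain[-1])   # Location header value, or None
        if nxt is None:
            return chain
        nxt = urljoin(chain[-1], nxt)     # Location may be relative
        if nxt in chain:
            raise ValueError("redirect loop")
        chain.append(nxt)
    raise ValueError("too many redirects")

def assess(url, claimed_domain, fetch_location):
    """Classify a link that claims to lead to claimed_domain."""
    final = expand(url, fetch_location)[-1]
    if host_of(final) in SHORTENERS:
        return "unresolved", final        # destination is still hidden
    verdict = "matches" if belongs_to(final, claimed_domain) else "mismatch"
    return verdict, final

# Constructed redirect table standing in for the network (hosts are made up).
REDIRECTS = {
    "http://bit.ly/abc123": "http://tinyurl.com/xyz789",
    "http://tinyurl.com/xyz789": "http://facebook.com.login.example.test/home",
    "http://bit.ly/def456": "https://www.facebook.com/video",
}

def fake_fetch(url):
    return REDIRECTS.get(url)

if __name__ == "__main__":
    for link in ("http://bit.ly/abc123", "http://bit.ly/def456"):
        print(link, assess(link, "facebook.com", fake_fetch))
```

The first link resolves through two shorteners to a host that merely starts with `facebook.com`, which is why the check compares the end of the hostname rather than searching for the brand name anywhere in the URL.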
So, remember that as you give status updates on where you are and what size shoes you're wearing while sitting there, people, perhaps even the wrong people, will be watching and waiting.
Copyright © 2013 Microsoft. All rights reserved.