Social networking remains a security riskby Steve Ragan - Aug 18 2011, 11:00
Despite some growth in privacy settings and security, many social networking platforms are still a goldmine for criminals online. Research from PC Tools, Webroot, and the Pew Research Center's Internet & American Life Project, offers some interesting data when it comes to social threats.
Humans, free thinking and logical for the most part, have always been the weak point in the security chain. They are trusting to a fault, willing to help, and sociology tells us that humans love social interaction. On the Internet, social networks offer a rich source of information, entertainment, and interaction. Criminals know this, and they exploit it to the best of their ability daily.
In a survey of over 4,000 people, taken between June 3 and 8, 2011, security vendor Webroot examined the social networking threats users in the United States, United Kingdom and Australia face. Mapping yearly trends, Webroot observed that most of the participants are addicted to social networking, with some 45-percent of them admitting to visiting their favorite social portal several times a day.
Over the years, this has exposed them to countless survey scams, designed to harvest information from willing participants, help-a-friend scams, and Malware. Statistically, in the U.S., Webroot said that 18-percent of social networking users were exposed to the Koobface family of Malware, or other attacks in 2011. This is a figure that is up five percent from the previous year, and from ten percent in 2009. Similar jumps were reported in the U.K. as well.
"Threats targeting social networks are continuously being regenerated in new versions so their makers can evade detection and spread their malicious programs relentlessly across users' accounts," said Jacques Erasmus, Webroot threat expert.
"Over the last nine months, our threat intelligence network has detected more than 4,000 versions of the Koobface virus hit social network users.”
Why are these types of attacks growing? The exploitation of people's trust.
Pew Research recently reported, that when asked if they felt most people can be trusted, 46-percent of Internet users surveyed said yes. That may look bad, but consider the same Pew study showed that 89-percent of Facebook users reported that they have met the people on their friends list at least once.
It’s easy to trust on the Internet over time, but if you’ve met the person, most Internet relationships develop an instant bond. It’s human nature.
Sticking with the Pew research, 15-percent of Facebook users update their own status; 22-percent will comment on another person’s post or status; 20-percent will comment on a photo; and 26-percent will like something.
Over the years, Koobface spread through hijacked Facebook accounts and viral wall posts. Given that people know and trust the users on their friends list, it’s no surprise to learn that so many people were infected by it. Likewise, survey scams continue to grown in popularity on Facebook, propagated by the same factors observed by Pew. Criminals know that all they have to do is exploit the trust of one person, and the list of victims will grow.
Speaking about trends they’ve observed, another security vendor, PC Tools, issued a warning to the public recently on three types of threats growing in popularity.
“Cybercriminals are taking advantage of the buzz surrounding new social networks and features, by tricking unsuspecting users to divulge personal information or download malware,” said Mike Chen, Product Marketing Manager at PC Tools.
The first trend are the fake invites to join ‘new’ or ‘exclusive’ social groups, events or offers. After that, PC Tools noticed some growth in email alerts for ‘tagged’ or ‘facial-recognized’ photos directing to malicious sites. Finally, they warned users to be on the lookout for robots, or bots, on social networking sites that are sophisticated and lifelike.
Think if it like this, the typical user will usually form this thought:
"If Joe said to click this link or Joe liked this page, then it must be legit."
There are protections to stop Malware, and even some products that will scan links on Facebook or other social networks for malicious traffic. However, the best protection from these attacks, is also the same one that allows them; people.
On social networks, the more outrageous something seems, the more shocking something is, and if it looks too good to be true, trust your gut and avoid it.