Criminals focus on social networks
PEOPLE HAVE BEEN trained to click on links. We know by now – I hope – we should never access links in emails claiming to be sent from our bank and other financial institutions. However, on Facebook and Twitter users will often click on a link without even reading the context. The posts are from their friends, after all – so there’s little cause for concern. Or is there?
Recent research shows that cyber criminals are increasingly focusing on social net- works to exploit the trust we have for platforms such as Facebook and Twitter, where we know the people posting information. In its latest threat report IT Security firm Symantec shows some startling numbers of infiltrated social media. According to the report, one of the primary attack techniques used on social networking sites involved the use of shortened URLs. These abbreviated website addresses are especially popular on Twitter, where users can’t post more than 140 characters and use services such as is.gd to shorten the address so it fits in their tweets. The problem is other users can’t see what the real address is – only the shortened version.
Symantec reported: “Under typical, legitimate circumstances these abbreviated URLs are used to efficiently share a link in an email or on a web page to an otherwise complicated web address. Last year, attackers posted millions of these shortened links on social networking sites to trick victims into both phishing and malware attacks.”
In the worst cases criminals managed to collect user names and passwords and then make their posts from those accounts.
“The report found attackers overwhelmingly leveraged the news feed capabilities provided by popular social networking sites to mass-distribute attacks,” the release reported. “In a typical scenario, the attacker logs into a compromised social networking account and posts a shortened link to a malicious website in the victim’s status area. The social networking site then automatically distributes the link to news feeds of the victim’s friends, spreading the link to potentially hundreds or thousands of victims in minutes.”