Black Hat spammers and malicious cyber criminals have figured out that members of social networking websites are easy marks. The cunning cyber crooks exploit our collective insecurities. We all want to be liked by our social networking friends. So, chances are, quite a few users would automatically click on a legit-looking email notification of new messages or alluring invites. When they do, they are directed to dangerous malware sites that infect their computers and expose them to identity theft. The computer security firm Symantec released a report this week sounding the alarm on the disturbing spike in spam, malware and phishing attacks waged against social network members during the past three months. And with so many users connecting to social networking sites from work, businesses are at risk as well.
Facebook is Favorite Target of Cyber Crooks
Symantec found that Facebook members are favorite targets of social network spammers. With more than 500 million active users, that’s hardly surprising. Facebook accounts for 40 percent of all attacks, followed by Twitter at 37 percent and YouTube at 23 percent. After analyzing the methodology of the various social spamming schemes, Symantec discovered that the cyber campaigns follow a cyclical pattern, with each attack lasting 15 to 20 days. Spammers ride the lucrative malware gravy train until they are caught, and then simply move on to the next social network site. The volume of attacks on Facebook members spiked in April and then waned, after the site tightened its security using clickjacking protections. The cyber criminals then moved on to Twitter, until the micro-blogging site shut them down. YouTube users were then bombarded with emails containing fake links to malicious sites shilling Viagra and porn.
Subject Line Link Bait
Beware of vague subject line messages notifying you of an “unread” message or pending invite. YouTube users are lured in by notifications of an “approved” video. Symantec compiled a list of the many email scams used by cyber criminals as link bait to lure social network users to their fraudulent sites:
Subject: Hi, you have notifications pending
Subject: Oops.. You have notifications pending
Subject: Hi, You have 1 new direct message
Subject: You have 2 direct message on Twitter!
Subject: YouTube Administration sent you a message: Your video has been approved
Subject: YouTube Administration sent you a message: Your video on the TOP of YouTube
Subject: Direct message from [removed]
Subject: Warning: Your inbox is full, message not accepted
Subject: [removed] sent you a message on Facebook…
Of course, the use of poor grammar, such as “You have 2 direct message (sic) on Twitter!” should be a dead giveaway.
Social Hackers Already Attacked Google+
Earlier last week, the search engine giant Google launched a trial run of a new social networking platform, dubbed Google+. The beta site is currently restricted to invited users. Surprisingly, the Google+ invites became so popular that they are now being sold on eBay. The Black Hat social hackers didn’t waste any time. Within days of the run on the coveted Google+ invites, cyber criminals launched campaigns using the invites as link bait. The emails resemble the same templates used by Google to send legitimate invites, but instead of a link to Google+, the recipients are directed to sites selling Viagra and other drugs.
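The common thread in the lures above is a notification-style subject paired with a link that does not go to the service the message claims to come from. The following is an added example (not from the article or from Symantec's report) of a mail-filter heuristic that flags exactly that mismatch; the brand-to-domain table and the sample messages are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Brands named in the article's lure subjects, mapped to the domains a genuine
# notification from that service would link to (assumed, illustrative list).
BRAND_DOMAINS = {
    "facebook": {"facebook.com"},
    "twitter": {"twitter.com"},
    "youtube": {"youtube.com"},
    "google": {"google.com"},
}

# Subject phrasings quoted in the article as link bait.
LURE_PATTERNS = re.compile(
    r"notifications? pending|direct message|video (has been|on the top)"
    r"|inbox is full|sent you a message",
    re.IGNORECASE,
)


def _host_matches(host, domains):
    # Exact match or a real subdomain only; "facebook.com.evil.invalid" fails.
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def classify(subject, links):
    """Return 'suspicious' when a notification-style subject carries a link
    that does not point at the service it claims to come from, else 'ok'."""
    if not LURE_PATTERNS.search(subject):
        return "ok"
    brands = [b for b in BRAND_DOMAINS if b in subject.lower()]
    for url in links:
        host = urlparse(url).hostname or ""
        # No brand named at all, or a link off the named brand's domain: flag it.
        if not brands or not any(_host_matches(host, BRAND_DOMAINS[b]) for b in brands):
            return "suspicious"
    return "ok"


if __name__ == "__main__":
    # Constructed samples: one genuine-looking notification, one lure.
    print(classify("Alice sent you a message on Facebook",
                   ["https://www.facebook.com/n/?messages"]))      # ok
    print(classify("You have 2 direct message on Twitter!",
                   ["http://pills.example.invalid/offer"]))         # suspicious
```

A real filter would also compare the sender domain and look inside HTML anchors, but the subject-versus-link check alone catches every lure template listed above.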
Don’t click on email links purportedly directing you to “unread” messages or pending invites, unless you are in the market for some pharmaceuticals or adult sex products.