How Can You Avoid Hackers and Scammers on Social Sites?
An article on Time Magazine’s Techland website last March indicated that up to 40% of social networking users have encountered malicious attacks in one form or another. In relation, a social media experiment conducted by Dasient–a web security firm–in which fictitious accounts were purposely created on 11 different social networking sites and used to post links to malware distributions points. Out of the 11, only 2 social networks were able to block access to the malware links.
In a report published by SophosLabs, the number of spam, phishing and malware incidents on social networking websites nearly doubled from April 2009 to December 2010. Researchers worldwide believe this trend is likely to continue in the years to come, as hackers extend malware threats and exploits past desktop computers and laptops to smartphones, tablets, and other web-ready mobile devices.
Threats on social networks succeed because they utilize one of the oldest, and perhaps most effective, techniques in a scammer’s arsenal–social engineering. By definition, social engineering is the act of utilizing psychological “tricks” in order to take advantage of individuals. In the case of social networks, fraudsters leverage users’ curiosities, too often proving the “curiosity killed the cat” adage true.
Internet (and particularly social networking) hackers and scammers have played upon both curiosity and world events to target users. Explicit and compromising photographs, seemingly important messages from other individuals (known or otherwise), celebrity gossip, headline news, alerts on the latest disasters, and freebie offers are common ploys to attract users to click on links to visit innocent-looking (but compromised) websites or download seemingly benign software. This is nothing new as these devious tactics have existed in the form of email spam and phishing for some time. The difference lies in the vast, and rapidly growing, number of registered users within social networking sites, with Facebook alone having more than 500 million users. The potential leverage for a hacker is enormous and a relatively small effort can reap huge rewards by targeting the users within a social networking website. As social networking sites continue to add users, the allure to hackers and scammers will also continue to grow, creating ever more sophisticated attacks with even greater reward opportunities.
Despite the best efforts to curb these threats, security in the social networking space rests largely in the hands of the users themselves. In the digital world of social networking, there are some tips that can help users from falling victim to online scams, fraud, identity theft, physical threats and other risks.
Frequently revisit the privacy settings within each social networking website.
Users should frequently revisit and fine-tune their privacy settings and the policies of the social networking site. Also, remember that when first joining a social network, most of the personal information users provide are viewable by the general public and can be easily found using search engines. This benefits the natural “reach” of each social network. Controlling what information is viewable, and by whom, helps make it more difficult for scammers to send unsolicited messages that may contain links to malicious or compromised websites.
Don’t download unsolicited software or click on URLs from unknown users.
Most of the functionality needed to participate in social networking communities doesn’t require additional software to be downloaded. Links posted within online communities can lead to web pages that are compromised or hosting malware. Even the most popular websites are not immune from being hacked and used to distribute malware.
Users should familiarize themselves with the behavior of members within their network.
Posts that are out of character with the typical behavior of a social networking website should be subject to suspicion.
Never provide personal information to unknown users or untrusted websites.
If comments, posts, or websites ask for personal information (outside the social network’s registration credentials), be alert as it could easily be a scam.
Be wary of all shared links from untrusted sources.
Shared links to websites outside of the social network is arguably the easiest way for users to fall victim to online scams or to get lured into downloading malicious software. Users should be particularly cautious with shortened links (links passed through a URL shortener service like Bit.ly, Goo.gl, Tiny.cc, Ow.ly and many others), which is another common tactic used by scammers.
Beware of messages that contain short and seemingly vague messages.
These are those “Take a look at this” or ”Check this out” subject lines, much like traditional email spam and phishing messages.
When possible, report suspicious behavior to the website owner or webmaster.
If malicious behavior or intent exists either within a social networking community or an external website, report such activity to the site’s administrators.
Keep operating systems and anti-virus software up-to-date.
The alerts that pop-up on a computer warning the user of malware or a malicious website occur for a reason and should not be ignored. Extensive resources are spent to keep software and systems current and many updates directly address security vulnerabilities. The same applies to mobile devices. As inconvenient and annoying as this may be, users should take the time to routinely run these updates. At a minimum, run the anti-virus weekly or set the system to run automatically.
Following the above tips will help end-users avoid scams, fraud, phishing attacks, and malware. Defense against such web threats; however, should not fall entirely on end-users.
zvelo’s proprietary and cutting-edge technologies constantly scan, categorize and analyze the actual web pages end users visit to determine the appropriate contextual categorization of the website, as well as to determine if a website is hosting malware or compromised in any way. From the most popular websites used around the world to pages and posts deep within social networking communities or blogs, zvelo’s mission is to provide the market’s leading accuracy, coverage, and zero-hour malicious website detection capabilities required for today’s dynamic Internet. zvelo licenses its technology through Original Equipment Manufacturers (OEMs) such as anti-virus software vendors, parental controls solutions vendors, mobile service providers, telco’s, ad network vendors and others for integration in applications such as web and content filtering, reputation filtering, analytics and other services used to protect end-users against malicious, compromised and infected websites.
