Social Media Security

It seems that the cybercriminals took a bit of a holiday over the Christmas period, with spam levels reportedly dropping from around 70 billion to less than 30 billion (measured on the 1st January 2011).

However, security specialists, Sophos, issued their  Threat report for 2011 which indicates a 90% increase in people being sent malware on Social Networks.

Social engineering is a generic term for the psychological tricks used to persuade people to compromise their online security. This might a range of actions such as opening an email attachment, clicking a button, following a link, or filling in a form with sensitive personal information.

All kinds of scams and many of the different methods used to  spread malware, make use of social engineering techniques to target human desires and fears, as well as just plain curiosity, to get past the caution we should all be exercising when online.

In July 2010, Facebook exceeded 500 million active users, making it not only the largest social  networking site, but also one of the most popular destinations on the web with searches in Facebook actually exceeding Google!

With other social media sites like Twitter and LinkedIn having massive growth as well, social media is clearly an ideal target for scammers.

One of the more common types of attacks hitting Facebook users is “clickjacking,” or “UI redressing”. Such attacks utilise maliciously created pages where an opaque layer is inserted above a real button (e.g. “like” or “share”) which means that innocent victims sharing or “liking” the content  results in sending the attack out to their contacts through newsfeeds and status updates etc thus propagating the scam.

TIP – always worth a try and a good habit to get into – before clicking on a link or button, just hover your mouse over it and look at the destination link in the status bar at the bottom left corner of your browser.  If it says something quite different to what you are expecting, be careful.