Cybercrime goes social

We upload our pictures, our videos and post intimate details about our lives here. We reach out to friends and family here. And this very place is becoming a hotbed for cybercrime.

Social networking sites will be the focus of cybercriminals in 2011, according to the annual threat predictions report by McAfee, a computer security company.

A Facebook group warns users about scams prevalent on the social networking site.

A Facebook group warns users about scams prevalent on the social networking site.

“We are seeing a pretty big increase in the number of malicious type attacks using social networking as a medium to spread” said Patrik Runald, senior manager of security research at Websense, an Internet security research firm.

Most cyberthreats are seen on Facebook and Twitter, the two most popular social networking sites, according to Runald. Cybercriminals use social engineering on these sites to bait unsuspecting users. Facebook messages that appear to be from a friend might in fact be a cybercriminal tricking people into disclosing personal information or sending money.

Ezra Semble, a 20-year-old Northwestern University student, knows what it feels like to be duped on Facebook.

“Someone chatted with me on Facebook and said I can’t believe you have this video. I clicked on it and it was a random page, and out of nowhere everyone on my chat got a message from me for that video. Later, Facebook told me that someone had logged into my account from some weird location and reset my password,” he said.

Among the many social networking tricks and scams, “malicious links, phony friend requests and phishing attempts” have become the prevalent form of cybercrime, according to the report “A Good Decade for Cybercrime” by McAfee.

“Phishing is like a spam message. It’s some kind of an email or fake log in attempt,” explains Josiah Matlack, who works for an IT organization and studies computer science at Northwestern University.

“They will try to present a convincing log in screen, like the page on Facebook. The page isn’t owned by Facebook, it goes to some external server so when you log in they get your log in password. Since people use the same password across many different sites they can do a guess and check thing across different sites like gmail, PayPal, and eBay and get your information,” Matlack added.

Cybercriminals are becoming more adept at scamming people. In the U.S. cybercrime complaints increased more than 22 percent from 2008 to 2009 and the monetary loss due to cybercrime more than doubled from $265 million to $ 560 million, according to a report by the Internet Crime Complaint Center.

While advances in technology are helping these tech savvy crooks, another reason for the rise in cybercrime is the cybercriminals ability to understand and manipulate the users’ psychology.

“Cybercriminals are becoming more in tune with what the general public is passionate about from a technology perspective and using it to lure unsuspecting victims,” said Mike Gallagher, senior vice president and chief technology officer of Global Threat Intelligence for McAfee, in a statement.

Future attacks on social networking sites will become more and more personalized, as users continue to put a wealth of personal information online. These cyber attacks will range from large-scale financial scams and “serious real world crimes” to less severe hacking attempts, according to the McAfee report.

Cybercriminals can post tweets on hot topics that direct users to dangerous websites, which can steal the unsuspecting user’s credit card information. Foursquare and other location-based services can be tapped into by crooks to find out user’s current location and coupled with information about the user’s physical address this can lead to “serious real world crimes, like robbery.”

One very basic precaution users can take is to check whether the link a site is directing toward matches the real site’s link or not, according to Matlack.

“If it’s Facebook it should say facebook.com. If it doesn’t then it’s a phishing attempt,” he added.


Comments are closed.