5 Facebook, Twitter Scams to Avoid
From phishing scams that play to your curiosity, to criminals posing as friends to steal your money, here are the latest ways scam artists are using social networks to con you
By Joan Goodchild, Senior Editor
July 13, 2009 — CSO —
According to research recently conducted by security firm Webroot, approximately three in ten social network users have experienced some form of security attack, such as a virus infection or a phishing scam, on a social network in the last year. As the popularity of these social networks explodes, and more organizations ease restrictions among employees (See: Security Pros Warm to Web 2.0 Access), they become more attractive for criminals seeking access to private information that can be used for profit. CSO asked two social network security experts for some of the latest scams found on Facebook and Twitter, and how to recognize and avoid them (For more tips to stay safe see: Seven Deadly Sins of Social Networking).
Secret details about Michael Jackson's death!
Celebrity news will always be used in criminal ploys because scammers know that many people love gossip. The recent death of Michael Jackson is already spawning bad emails that contain malware in their attachments, according to several security firms, including Sophos. Graham Cluley, senior technology consultant with Sophos, predicted immediately following Jackson's death that cyber criminals would soon start to take advantage of the news to pull off scams.
Typically, malicious Facebook and Twitter messages relating to celebrity news contain links that claim to have "secret" information. In the case of Jackson, Cluley said he has heard some of the lures include promises of songs by the King of Pop that have never been heard before or new details and pictures of Jackson's death. However, the link to the information then typically prompts the user to download an update of Adobe Flash. Of course, instead of an update, users end up with a bot Trojan or other piece of malware installed secretly on their computer.
"Perhaps one of the most famous of these is Koobface," said Cluley. "There have been many iterations of that designed to steal information from your computer. Once they have compromised your computer, they can use it to send spam, install spyware, steal your identity, or launch a denial of service attack."
The Jackson death is only one example, said Cluley. Past celebrity scams that have used this ploy included one that had the headline "Paris Hilton tosses dwarf on street."
I'm trapped in Paris! Please send money.
CSO reported details of this scam, often called a 419 scheme, several months ago (See: 9 Dirty Tricks: Social Engineers' Favorite Pick-Up Lines). But it continues to make the rounds on Facebook, according to Cluley, and fools unsuspecting users.