Four Signs of an Easy Victim on Social Networks
What makes cyber criminals target you in a social network scam? Sophos' recent study identifies the signs of a soft target online.
By Joan Goodchild, Senior Editor
February 15, 2010 — CSO —
Earlier this month, CSO reported that cybercrime attacks on Facebook, Twitter and LinkedIn have exploded, according to a recent survey conducted by security firm Sophos (See: Facebook, Twitter, Social Network Attacks Tripled in 2009). Reports of malware and spam rose 70 percent on social networks in the last 12 months, and 57 percent of users report they have been spammed via social networking sites. Another 36 percent reveal they have been sent malware via social networking sites (See also: Social Media Risks: The Basics).
The "Social Security" survey is part of Sophos' 2010 Security Threat Report, which looks at current and emerging computer security trends. The report found that social networks are opening up new opportunities for cyber criminals to locate so-called "soft" targets and pull off precise and targeted attacks. We wanted to know: What makes someone look like an easy hit for the bad guys? Chet Wisniewski, Senior Security Advisor with security firm Sophos, gives us some clues.
You have access to a VIP or valuable data
Security researchers are noting two distinct kinds of attacks on social networks, according to Wisniewski. The first is the more traditional spray spamming, where many users receive a message on their Facebook wall, in their inbox, or on Twitter that contains a malicious link. But the other, more disturbing trend, said Wisniewski, is that these social networks, by nature of how they work, make it possible for criminals to cyber stalk potential victims. The bad guys watch your activity to see what you say, and then use it in an attack (Read more in Seven Deadly Sins of Social Networking Security).
"There is definitely another network of crime where they are taking time, and closely watching in order to pull off certain things," said Wisniewski.
A user at risk for this kind of attack might be a person who has access to something or somebody that the criminal wants. You might be the executive assistant to a corporate CEO, or a human resources representative who has access to all of your company's employee files. You may not think anyone notices, but this makes you a desirable target, said Wisniewski.
"If you are someone's executive assistant innocently using Facebook, and the criminals know you are associated with someone important, they can target your profile to try and get malware onto your computer," he said. Once they've installed malware onto your computer, hackers can gain access to sensitive information with keystroke logging technology, which is just one example of a way to breach sensitive data. In fact, in the recent highly publicized China-based online attacks on Google, it was revealed the criminals looked up key employees on social networks and found out who their friends were on Facebook. They then hacked the accounts of those friends and contacted their victims pretending to be someone they were not. The employees clicked on malicious links from the so-called "friends," and were led to malware.