Social Networking Security Scams
by Michelle V. Rafter
The message looks like any other email from Facebook alerting you to changes or updates. But if you look closer, you may notice that it didn't come from Facebook. And if you click on one of the links in the email, you could be giving your private information to digital scammers.
Welcome to the newest flavor of Internet deviance, the social network scam.
The popularity of Facebook and other social networks hasn't been lost on spammers and Internet criminals, who've picked up their underhanded operations and moved them to the virtual communities.
In fact, social networking sites such as Facebook and Twitter have become some of the most popular targets for online attackers. Social networks are the perfect breeding ground for malicious coders because they have lots of users, good reputations and support open software applications, meaning a decent programmer can write code -- good or bad -- that works inside the network.
The average Internet user figured out awhile ago not to open email from strangers due to safety concerns -- but many haven't wised up to social network scams yet.
Beware These Social Network Scams
New types of social networking scams are popping up all the time. Some of the most common include:
Like the previously mentioned Facebook example, this email appears to have a legitimate log-in page for Facebook or another social network in the body of the message. But it's really a fake front for a phishing site that tries to con unsuspecting visitors out of personal information like a password or account number.
Similar to a phishing campaign, this innocent-looking email message appears to come from a legitimate social network account and has a zip file attached that is purportedly a picture of the friend making the request. But if opened, the attachment releases some sort of virus, such as a Trojan horse.
The YouTube Con
In this gambit, spammers set up legitimate YouTube profiles to advertise products and services, including X-rated materials. Spammers send email invitations to other YouTube members to check out their profiles. If someone clicks on the link they go to a real YouTube profile that's little more than an ad -- in some cases a very risqué ad -- with links to the spammer's website.
To Protect Yourself, Be Smart
The key to avoiding social network scams is being cautious about who you connect to, says Krista Canfield, spokeswoman for LinkedIn, the business social network. Ideally, accept only invitations to connect to people you've actually met, worked or gone to school with or know some other way, Canfield says. If you do, you have more control over who can see your profile and contact you. "Connecting only to people you trust will help you keep your contact information safe," she says.
Here are some other ways to stay safe:
1. When creating or updating your profile on a social network, don't include personal information like your email address or phone number.
2. Switch from HTML to text-based email. Malicious bits of code can be written into the programming language used to create HTML messages and download as soon as you view the message. If you don't want to switch, use your email program's preview function to look at a message before actually opening it.
3. To prevent people from hacking into your social networks, pick passwords that aren't easy to guess. The best are at least eight to 10 characters long and contain a combination of upper and lowercase letters plus numbers and symbols. Make up your own, or look online at password generating sites such as RoboForm. Use different passwords for different accounts and store them in a password vault such as KeePass or Password Corral.
4. If you use a shared computer to log onto a social network -- like at work or the library -- be sure to completely log off of your account when you're finished.
5. If you've had privacy problems or suspect something's wrong, contact the social network's technology support staff to report it.
Finally, the best defense is a good offense, security experts say. So be sure to install the latest security software and keep it updated. It's the first step toward protecting yourself and your important private information.