June 21, 2011Blog Staff By Blog Staff

Phishers Cast Their Nets in the Social Media Pool

By Ian Moyse, EMEA Channel Director

Add to FacebookAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to TwitterAdd to TechnoratiAdd to Yahoo BuzzAdd to Newsvine

It can seem at times that the only people who like change are Internet attackers. And they don’t just like it—they need it. Technology’s rapid changes give cybercriminals new attack vectors to exploit, and new ways to turn a profit out of someone else’s misfortune.

Take phishing, for example. The concept is simple: Send an email disguised as a message from a bank, PayPal, or UPS. Wait for the user to click a link in the message, and enter their private details into a phishing site, and presto! The attacker attains financial or personal login details that can be used to commit fraud or theft.

Of course, it was only a matter of time before most people caught on to email scams. Users read again and again not to click on such links. Mail solutions became better at spotting phishing emails and filtering them into a junk email folder. Even free Web mail providers now catch the majority of these attacks.

Once cybercriminals noticed their traditional phishing approaches were returning lower response rates, they rapidly adjusted to new mediums. As a result, a new trend emerged: smishing (social media phishing) became the new trend in cyber attacks.

The underlying concept is the same, but the attack mechanism is different. Instead of targeting users via email, cybercriminals use social media messaging and advertising to lure their victims.

For hackers, it’s the perfect opportunity. They can cheaply buy lists of Facebook login details, hack into users’ accounts, and send personal-looking messages to an individual’s entire friend list. The majority of users are more trusting of a post from a friend than a suspicious email in their in-box, making smishing more effective at luring users to phishing sites.

Just remember: What you see is not always what you get, especially in the cyber world. When you receive a message or shared link from a friend, don’t assume it is actually from them. The attack vector is new, but our old advice still applies: Stop and think before you click.Webroot blog stats

Share Button

2 Responses to Phishers Cast Their Nets in the Social Media Pool

  1. Don’t click on everything that comes your way and delete this junk from your wall so your friends don’t do it either.

  2. I thank you for all the great information and what to watch for when your online. BUT I believe that we should spread the world don’t just comment here so everyhere JUST LIKE PAY IT FORWARD…Thanks guys & gals for all your hard work and dedication

Leave a Reply

Your email address will not be published. Required fields are marked *