Social Media and Identity Theft in 2010
In the next few days and weeks you will be bombarded with things to watch for in 2010 — you know, lists and such.
They will detail ways to save, what the best vacation destinations are, who's hot and who's not — you know, the important stuff.
Most of this important stuff, such as this blog post for example, you may wish to share via a social networking site: Facebook, Twitter, LinkedIn, MySpace — you know, the important sites.
But hark, hark I say, these sites are actually important sites because millions use them. And millions, such as yourself, will be vulnerable to scams, trickery and tomfoolery that will at best lead to some embarrassing hijacking of your page or computer and at worst help a hacker dial down into what in the data protection world is called PII, or personally identifiable information. We've covered a little bit of this in this blog but never enough.
Allow me to pose this question: Would you walk into a dark alley that says "Check out this really cool video of you and your friends"? Would you trust a Bobby D.-like character who says "I got some nice dresses for ya, right around the corner if you walk into that alley"? Would you walk into that alley with your ID in hand, brandished for all to see?
Of course not. You are, after all, kind of sane. I mean, you're reading this, aren't you?
Yet so many people want to check out those cool videos and see which designer dresses Bobby Digital has for them every time they log on. Sure, they'd skip the dark alley, but only to do the same exact thing digitally on Facebook, et al., every single day.
This is why antivirus software firms such as McAfee and Symantec both see 2010 as a breakthrough year for social media sites — wait for it — surprise, uhh yeah, a breakthrough in terms of them being attacked by hackers.
What's alarming, if not brow-raising, is that most of the hacks on your favorite social portals for posting, partying, pandering, pithiness, and persiflage will take place because you or someone you know walked into that dark digital alley in search of fun, out of curiosity, or through plain carelessness.
“Mostly it's the users in an individual or small business environment through carelessness,” said David Bloom, a Los Angeles-based consultant specializing in social media. “Like Pogo said, ‘We have met the enemy and it is us.’”
Indeed, most hacker intrusions count on curious users, whom they can snare simply by getting them to click on web links or log in via fake web pages that look like the homepages of the most popular social media destinations.
Spoofing, for instance, involves hackers sending you phony alerts or messages supposedly from your friends or, in the case of Twitter, followers. But once you click on them, there’s the possibility of being re-routed to potentially malicious sites or triggering automated viruses or remote code execution, which gives a hacker control of your browsing session.
Phishing, meanwhile, also counts on user participation but usually uses subject matter more familiar to users as bait. Users might get an “emergency” message, or a “video of you” from a friend. Another method is a fake error message from your social networking site requiring your action.
With phishing, users are most often lured into clicking on a spoofed link or page, such as fake web pages that look like home pages of trusted web sites — e.g., Facebook — where users unwittingly type in login information or click on page links.
By extension, links are becoming an important component of social networking security. Recently the heavy use of condensed URLs or web addresses (tinyurl and bit.ly) to post links on Twitter and Facebook has made them easier to access or cut and paste into a web browser. On the flip side, URL shorteners can make it nearly impossible to identify the domain or origin of a link. This increases the chances of clicking on a spoofed or malicious link. URL shorteners can also help spammers evade spam filters installed on personal computers.
“Whether it's tinyurl or bit.ly technology, users are getting into the habit of clicking links that they don’t know or trust,” says Corey Thomas, Vice President of Product and Operations for IT security firm Rapid7. “This makes it much easier for a hacker to hijack the target’s system. The most important thing in a situation like this is letting users know the potential risks of tiny URLs and that they should not be clicked on unless absolutely necessary.”
Someone can easily Tweet this blog and shorten the URL from Wise Bread to something that looks like an algebra equation and, bam, you now have "nice dresses."
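As an added example (not part of the original post), here is one way to see where a shortened link leads before opening it in a browser: follow the redirects with header-only requests and compare the final hostname against sites you trust. The hostnames `short.example` and `hop.example`, the redirect table, and the trusted-host list are constructed sample data and assumptions.

```python
import http.client
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 10  # give up on chains longer than this

def head_location(url, timeout=5):
    """Send one HEAD request; return the redirect target or None.
    Only headers are requested, so no page body is downloaded or rendered."""
    parts = urlsplit(url)
    https = parts.scheme == "https"
    cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = cls(parts.hostname, parts.port, timeout=timeout)
    try:
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", path)
        resp = conn.getresponse()
        redirect = resp.status in (301, 302, 303, 307, 308)
        return resp.getheader("Location") if redirect else None
    finally:
        conn.close()

def expand(url, fetch=head_location):
    """Follow redirects hop by hop and return every URL in the chain."""
    chain = [url]
    while len(chain) <= MAX_HOPS:
        target = fetch(chain[-1])
        if not target:
            return chain
        target = urljoin(chain[-1], target)  # Location may be relative
        if target in chain:
            raise ValueError("redirect loop at " + target)
        chain.append(target)
    raise ValueError("too many redirects")

def verdict(url, trusted_hosts, fetch=head_location):
    """Report the real destination host and whether it is a trusted site."""
    chain = expand(url, fetch)
    host = (urlsplit(chain[-1]).hostname or "").lower()
    # Exact host or a true subdomain only; a host that merely begins with
    # a trusted name (facebook.com.login.example) is not trusted.
    trusted = any(host == t or host.endswith("." + t) for t in trusted_hosts)
    return {"final_host": host, "hops": len(chain) - 1, "trusted": trusted}

# Constructed redirect table standing in for the network (offline demo).
SAMPLE = {
    "http://short.example/a1": "http://www.facebook.com/video",
    "http://short.example/b2": "http://hop.example/r?x=1",
    "http://hop.example/r?x=1": "http://facebook.com.login.example/home",
}

def sample_fetch(url):
    return SAMPLE.get(url)
```

Calling `verdict(link, ["facebook.com"])` without the `fetch` argument performs the real header-only requests; the shortener and each intermediate host still see a request from your machine.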
So remember this year as you give status updates on where you are and what size shoes you're wearing while sitting there, people, perhaps even the wrong people, will be watching and waiting.
Cue ominous musical score and ring in 2010 with vigilance.