Social Media and Identity Theft in 2010

by Jabulani Leffall on 5 January 2010
Photo: peeterv

In the next few days and weeks you will be bombarded with things to watch for in 2010 — you know, lists and such.

They will detail ways to save, what the best vacation destinations are, who's hot and who's not — you know, the important stuff.

Most of this important stuff, such as this blog post for example, you may wish to share via a social networking site: Facebook, Twitter, LinkedIn, MySpace — you know, the important sites.

But hark, hark I say, these sites are actually important sites because millions use them. And millions, such as yourself, will be vulnerable to scams, trickery and tomfoolery that will at best lead to some embarrassing hijacking of your page or computer and at worst help a hacker dial down into what in the data protection world is called PII, or personally identifiable information. We've covered a little bit of this in this blog but never enough.

Allow me to pose this question: Would you walk into a dark alley that says "Check out this really cool video of you and your friends"? Would you trust a Bobby D.-like character who says "I got some nice dresses for ya, right around the corner if you walk into that alley"? Would you walk into that alley with your ID in hand, brandished for all to see?

Of course not. You are, after all, kind of sane. I mean you're reading this aren't you?

Yet so many people want to check out those cool videos and see which designer dresses that Bobby Digital has for them every time they log on. Sure, they'd skip the dark alley, but only to do the exact same thing digitally on Facebook, et al., every single day.

This is why antivirus software firms such as McAfee and Symantec both see 2010 as a breakthrough year for social media sites — wait for it — surprise, uhh yeah, a breakthrough in terms of them being attacked by hackers.

What's alarming, if not brow-raising, is that most of the hacks on your favorite social portals for posting, partying, pandering, pithiness, and persiflage will take place because you, or someone you know, walked into that dark digital alley in search of fun, just curious and also just plain careless.

“Mostly it's the users in an individual or small business environment through carelessness,” said David Bloom, a Los Angeles-based consultant specializing in social media. “Like Pogo said, ‘We have met the enemy and it is us.’”

Indeed most hacker intrusions count on curious users who they can snare by simply having the users click on web links or log in via fake web pages that look like the homepages of the most popular social media destinations.

Spoofing, for instance, involves hackers sending you phony alerts or messages supposedly from your friends, or in the case of Twitter, followers. But once you click on them there’s the possibility of being re-routed to potentially malicious sites or triggering automated viruses or remote code execution, which gives a hacker control of your browsing session.

Phishing, meanwhile, also counts on user participation but usually uses more familiar subject matter to users as bait. Users might get an “emergency” message, or a “video of you” from a friend. Another method is a fake error message from your social networking site requiring your action.

With phishing, users are most often lured into clicking on a spoofed link or page, such as fake web pages that look like home pages of trusted web sites — i.e. Facebook — where users unwittingly type in login information or click on page links.

By extension, links are becoming an important component of social networking security. Recently the heavy use of condensed URLs or web addresses (tinyurl and bit.ly) to post links on Twitter and Facebook has made links easier to access or cut and paste into a web browser. On the flip side, the URL shorteners can also make it nearly impossible to identify the domain or origin. This increases the chances of clicking on a spoofed or malicious link. URL shorteners can also help spammers to evade spam filters installed on personal computers.

“Whether it's tinyurl or bit.ly technology, users are getting into the habit of clicking links that they don’t know or trust,” says Corey Thomas, Vice President of Product and Operations for IT security firm Rapid7. “This makes it much easier for a hacker to hijack the target’s system. The most important thing in a situation like this is letting users know the potential risks of tiny URLs and that they should not be clicked on unless absolutely necessary.”
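As an added illustration (not part of the original post): a shortener is just a redirect, so you can ask it where a link points without ever visiting the destination, then check whether that destination really belongs to the site the message claims to come from. The local `FakeShortener`, its short code and the look-alike `.example` domain are constructed stand-ins so the snippet runs offline.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

SHORTENERS = {"tinyurl.com", "bit.ly"}  # the two services named in the article

def _host(url):
    return (urlsplit(url).hostname or "").lower()

def is_shortened(url):
    host = _host(url)
    return (host[4:] if host.startswith("www.") else host) in SHORTENERS

def host_matches(url, trusted):
    """True only for the trusted domain itself or a genuine subdomain of it."""
    host = _host(url)
    return host == trusted or host.endswith("." + trusted)

def peek_destination(url, timeout=5):
    """Return the shortener's Location header without visiting the target."""
    p = urlsplit(url)
    cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    conn = cls(p.hostname, p.port, timeout=timeout)
    try:
        conn.request("HEAD", (p.path or "/") + ("?" + p.query if p.query else ""))
        resp = conn.getresponse()
        # http.client never follows redirects, so only the shortener is contacted.
        return resp.getheader("Location") if 300 <= resp.status < 400 else None
    finally:
        conn.close()

class FakeShortener(BaseHTTPRequestHandler):
    # Constructed mapping: a short code that hides a look-alike login host.
    TABLE = {"/a1b2c": "http://facebook.com.login-check.example/"}
    def do_HEAD(self):
        target = self.TABLE.get(self.path)
        self.send_response(301 if target else 404)
        if target:
            self.send_header("Location", target)
        self.end_headers()
    def log_message(self, *args):
        pass  # keep the demo quiet

def demo():
    with HTTPServer(("127.0.0.1", 0), FakeShortener) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        dest = peek_destination("http://127.0.0.1:%d/a1b2c" % server.server_port)
        server.shutdown()
    return dest, host_matches(dest, "facebook.com")
```

Calling `demo()` shows the hidden destination starts with "facebook.com" yet fails the domain check, which is exactly what the short link conceals. A real link may redirect more than once, so repeat the peek on each hop before trusting the final host.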

Someone can easily Tweet this blog and shorten the URL from Wise Bread to something that looks like an algebra equation and bam, you now have "nice dresses."

So remember this year as you give status updates on where you are and what size shoes you're wearing while sitting there, people, perhaps even the wrong people, will be watching and waiting.

Cue ominous musical score and ring in 2010 with vigilance.


comments

Guest

That was kind of confusing......but alarming! (at least, I think it must be! lol!!!)
How do you KNOW it's a "tiny url" or a bit.ly?? What does it look like?

Beth

The link will be in the form of "tinyurl.com/#####" or "bit.ly/#####"

Guest's picture

these damned hackers!! can't they use their intelligence to make money honestly like the rest of us. i hope the precautions i have taken are enough

aylaeh

i work in the fraud dept for a major financial institution. i see identity theft on a daily basis. it is very scary. i have to speak with customers who have no idea that their personal info has been compromised. they usually do not know who it is that has gotten a hold of their information and they want to know how their info was compromised.

i've been working in this area for around 4 years. it is scary how smart perps can be. spoofing, phishing, etc. as i have often said to customers if someone really wants to get your information they are going to find a way to get it. if you look at it this way - say you are at a restaurant and you pay with a credit card. you give your card to the waiter. they take it away and you have no idea where they take it or what happens to it while they have it in hand.

one tip that was passed around work a while ago is this: whenever you pull out your card to pay something make sure that you keep a finger over part of your account number because now that phones have cameras some people have been taking pictures of cards and creating counterfeit cards.

Adolfo

Anything which reduces the risk that your car will be stolen will reduce their risk that they will need to pay a theft claim. - Make sure you have an up-to-date international driver's license. This reduces the risk of default for the insurance company.