Being involved in law enforcement for the past 26 years has given me some insight into the criminal element of society. The criminal, although a lazy animal, is very astute at preying upon human behavior, such as curiosity, utilizing the art of “social engineering.” Just like the real world, the cyber criminal is now turning to the same techniques online that prey upon human behavior and cyber habituation. One such social engineering precept is if a message is received from a known “friend,” a user is more likely to click on a link, picture, or video.
When email first became popular, so did the junk mail (spam) that came with it. The goal of spam was to trick us into clicking on a link that pretended to be something else, when in fact it was malware covertly designed to either steal our personal information or take control of our computer.
Today, with the popularity of social networking, we are now seeing an increase in what is being called “social spam.” Recently, Facebook advised that social spam is growing more rapidly than their user base. It is because of this fact that Facebook has created spam-fighting teams that are dedicated full-time to this new threat.
So, how does social spam work?
- Once malware has been downloaded onto a friend’s computer, smartphone, or tablet, it can allow a criminal to access their Facebook account as if they were the actual owner.
- Once the criminal takes control of your friend’s computer, they then post a message on your page offering a “free iPad, free iPhone, gift certificates to the iTunes or Android store” or message you to click on a picture or watch an attached video that you can’t ignore.
- Once you click on the link, photo, video, or “like button” provided, it then takes you to a second website that asks you to now click on another button to access the photo, video, or gift certificate.
- It is when you click the button on the new site that you unknowingly authorize the downloading of harmful malware onto your computer.
- This malware now infects your computer, just like your friend’s, and uses your contacts/friends, your wall, and your profile to continue the fraud.
- The goal of social spam is to collect as much personal information about the user as possible including email addresses, login information, and social relationship data that can now be exploited. Some malware may also provide a criminal access to other personal information on your computer such as bank account logins or credit card information. What is important to remember is that social spam often allows the criminal to collect personal information about you, so that they can impersonate you online for criminal purposes.
How can we, as social media consumers, minimize the above noted risks?
- Recognize that “social spam” is now a current threat.
- If an offer is too good to be true, then it likely is. DON’T click the link.
- If a post is too enticing, then it likely is. DON’T click on it.
- If you do click a link, picture, or video and it takes you to another website, DON’T click a second time as this will now authorize your computer to download probable malware.
- Given that so many social networks are being hijacked, remember that the friend that you know may not actually be who they say they are. If a friend posts something out of character, it may not be your friend who is posting. Before you click, call your friend and verify, especially when your spider sense is tingling.
- Don’t friend people who you have never met face-to-face.
- Ensure that you always keep your computer security updated: make sure you have installed current operating system patches, use robust passwords, use file encryption for sensitive files and passwords, utilize current and updated security software, and ensure that you have both software and hardware firewalls in place and that you have encrypted your Wi-Fi.
Digital Food For Thought
Darren Laur
AKA #thewhitehatter