A message from one of your friends appears in your inbox, sent via a social network site that you use regularly. The message promises a big deal and points to a Web site you’ve never heard of. You click the link—and the next thing you know, your PC is misdirected to a phishing page that steals your log-in details or to a drive-by download site that infects your system with a password-stealing Trojan horse. And your friend says that she never sent you the message. This is a security threat in social networking.
Whether the culprit is a fake LinkedIn profile page that serves up URLs leading to dangerous Web sites or a bogus Twitter message that purportedly comes from a friend, social networks are rapidly becoming the newest medium for malware attacks. As operating systems and applications became harder to hack directly, online criminals came to realize that it was much easier to fool people into clicking bad links, opening dangerous files, and running malicious software. They also figured out that the most effective place to exploit the trust that naturally exists between friends and colleagues was within the mechanisms of the online social networks themselves.
By now, most Internet users are savvy enough to recognize spam e-mail. But what about a spam tweet that seems to come from someone in your circle of friends and links to a page that looks almost exactly like the one you use to log in to Twitter? A week may go by, and suddenly the data thieves who now control your account begin sending messages with URLs—some of which perform drive-by downloads and infect the recipients’ PCs with malware—to everyone in your social network.
Facebook and MySpace users have already had to deal with a number of worms and other nasties that are designed to spread independently of any action taken by the account holder.
If you think that details of your social networking account may have been stolen or compromised in some other way, report your suspicions to the site’s support team immediately. Change your password frequently, and avoid clicking message links that purport to transfer you back to the social network site. Instead, to get back to your account, type the site’s address directly into your browser.