Wednesday, February 04, 2009

Malware worms its way into social networking

Social network site users tend to be more trusting than they should be about emails from "friends". They seem to assume that since they have to login to the account that messages from others are "safe". Criminals know that.

So with increasingly sophisticated social engineering, criminals are successfully attacking social networking services. Angry Facebook members created a special facebook page for victims of the Koobface worm.

Malicious software "scrapes" Facebook for all the user data it can find. People who give out real names, addresses, email addresses, and other information may find it cropping up in the hands of criminals. We teach kids to be wary of strangers, but then we turn around are and much too trusting in our online behavior ourselves. Parents, schools, and churches all need to start educating kids and even other adults about being wary of online personas and of being careful not to release personal information. Criminals now "mine" data from multiple sites to "fill in the picture" about victims identities and personal information.

Government agencies normally let their employees do personal surfing, yet they are starting to block access from the government offices to social networking sites. Why? It just too unsafe, at least for now.

Part of the challenge is that in order for social networking sites to be "fun", they have to encourage their members to share information. The default for most social networking sites is to be "open" rather than to have tight security. And most people are much more gullible online than in the "real world". So social networking sites like FaceBook and MySpace may continue to be a rich feeding ground for criminals.

If you insist on risking use of a social networking site, it might be a good idea to subscribe to a service that tracks your credit card actions as well as actions taken that relate to your credit rating. For example, you'd get an alert if someone was applying for a loan or credit card and using your credit record. And make sure to keep your Antivirus, AntiSpyware, and Firewall software up to date. You might also want to add prayer to the list. You may need it.