PETALING JAYA: Social networking sites like Facebook and Twitter have become targets for phishing and scamming attacks as online criminals follow the latest Internet trends that attract the most users.
These criminals recognise the fact that communication through Facebook is all about personal connections and communities of friends, which involve a high level of trust.
When you receive a message on your Wall from one of your Facebook friends, it’s very different from receiving an anonymous e-mail or spam message, said F-Secure Corp, a maker of antivirus software and Internet security tools.
It is precisely this trusted environment — and its 250 million users worldwide — that makes Facebook such a tempting target for criminals.
Phishing and financial scams are based on creating a false sense of trust for the target of the attack, enabling the criminals to gain access to valuable information or direct financial gain.
There have been a series of bogus messages on Facebook from “friends” recently, asking for financial help, according to F-Secure.
Facebook users, it advised, should always treat such requests with caution and make a thorough identity check before sending any money, even when the messages appear to come from a family member or other trusted person.
Sean Sullivan, a security advisor at F-Secure, said weak passwords provide a common way for criminals to hack into social networking sites.
“Their aim is to harvest contact lists, phone numbers and other information which they can sell to spammers or use in targeted attacks to make money,” he said.
The damage caused by a hacked Facebook account is all the greater if the same password is also used for the user’s e-mail account.
This means the criminals can easily reset all the user’s online passwords, get information about banking details and find answers to security challenge questions.
Sometimes the answers to personal security questions, for example middle names, house addresses and pets’ names, can even be found directly on Facebook.
“As the Facebook username consists of an e-mail address, it is essential that different passwords are used for logging into personal e-mail accounts and for logging into Facebook and other social networking sites,” Sullivan said.
“It is also a good idea to have different primary e-mail, business e-mail, and social-networking e-mail accounts.”
source : the star