Social networking new security nightmare
Social networking sites have experienced dramatic growth during the last few years and also become a potential goldmine for cybercriminals.
According to comScore, specialists in digital marketing intelligence, the Middle Eastern and African audience for social networks has grown by 66 per cent between 2007 and 2008. Another respected research institution, Nielsen, revealed in August 2009 that 17 per cent of all time spent on the internet was on social networking sites, up from six per cent in August 2008. But the phenomenal growth has not just caught the attention of advertisers; online scam artists and cybercriminals have also jumped on the bandwagon.
Between June 2007 and June 2008, the number of unique visitors to Facebook increased by 153 per cent, creating a potential goldmine for cybercriminals. Social networking sites are targets for spreading malware and relaying spam – forming an important source of illegitimate earnings online. As Facebook reached 300 million accounts in September 2009, social media and social networks have continued to simultaneously attract both criminal and commercial interest. Personal networking connections offer seemingly trusted authentication, which criminals abuse by compromising user accounts and linking to malicious sites. Moreover, these websites are easily accessed by users via smart phones or at internet cafes providing cybercriminals with a broad opportunity to perform their attacks.
Facebook, Twitter and other social networking sites must combat a rapidly changing criminal toolkit, as cybercriminals make use of social engineering techniques to lure and trick unsuspecting users, often utilising the information they have shared about themselves. Targeted users become increasingly vulnerable to attacks that blindly distribute rogue apps across their networks, as cybercriminals exploit trusting friend networks to get users to click on links they might otherwise treat with caution. Attacks also include key stroke logging, a technique which allows cyber criminals to keep a record of every key typed by the unsuspecting user, hence, gaining personal details as well as credit card numbers and other personal data.
The use of shortened URLs on sites such as Twitter can make it even easier for cybercriminals to mask and direct users to malicious websites. In December 2009, McAfee Labs predicted that cybercriminals will increasingly use these tactics across the most popular social networking sites in 2010. Another popular cybercriminal activity of which all internet users need to be aware is ID theft. This refers to the theft of personal information, which is often used without a person's knowledge to commit fraud or other crimes. This is a serious crime that can cost victims a lot of money and cause considerable concern. Use of social networking sites can increase the likelihood of ID theft because of the volume of personal – and often sensitive – information posted by users. Members of social networks often post personal information and contact details, not realising that there are tools that will scrape and aggregate information posted on different sites together to build complete user profiles.
Many people unwittingly lack even the most basic protection for their computers, causing increased risk for themselves and the people with whom they interact online. This is a problem that social networking websites and security vendors need to address. According to McAfee-National Cyber Security Alliance Online Safety Study, up to 78 percent of consumers do not have updated anti-virus, an enabled firewall and anti-spyware, and 48 percent of them have expired anti-virus, the most fundamental protection.
Keeping the iternet secure requires collective action and co-operation. It is very important for security experts to develop initiatives to simplify the application of internet security for the general public. More importantly, they need to keep the public educated on the ever changing threatscape to which they are vulnerable.
Online security is a subject that has only relatively recently become mainstream and with the region's increased dependency on technology and the internet, it is crucial to develop appropriate online security strategies. Regional governments are implementing promising initiatives, like the UAE's CERT program, to address the problem and educate the public. To protect the region's users, the protection offered by security vendors must be simple, straightforward and effective.
Consumers can stay safe on social networks by always following a few simple rules:
- Choose unique logins and passwords for each of the websites you use
- Ensure that chosen passwords complex, containing upper and lower case characters, digits, and non-alphabetic characters, unpredictable and confidential
- Check to see that you are logging in from a legitimate page with the social network's domain
- Be cautious of any message, post, or link you find on the network that looks suspicious or requires an additional login
- Do not assume that links, attachments from friends are safe. They are probably no more experts that you in security.
- Do not post important or sensitive personal details on public sites. Be aware that information can be aggregated from different social networking sites.
- Make sure you have up-to-date security software installed
- Since accounts can be compromised, if you get strange requests for money or information, ensure you validate them through other forms of communication.
- The writer is the Director of Security Strategy, EMEA, McAfee. The views expressed are his own
Keep up with the latest business news from the region with the Emirates Business 24|7 daily newsletter. To subscribe to the newsletter, please click here.
Follow Emirates 24|7 on Google News.