Beware: Phishing and Spam in Social Networks

Trend Micro warns us today about how spam and phishing can hit you even in the closed ecosystem of a social networking system such as Facebook. Malware abounds. And in the social network arena, just like anywhere else, “using your account to send spam” is a common thing for the bad guys to want to do.
In Rik Ferguson’s investigation (which I read about on CNet News), he came across a link to a URL that asked for his Facebook credentials, supposedly necessary to allow installation of a specific Facebook application. Once the credentials were handed over, the app immediately spammed all of his Facebook friends, sending them a bogus notification, attempting to draw them into visiting the phishing/malware URL, with (one assumes) the hope of spreading the infection even wider.
He’s a researcher for Trend Micro, so he knows what he’s doing. But for the rest of us, this highlights how necessary it is to be careful with who you give your usernames and passwords to. In my opinion, it’s never safe to take your username and password from one site and hand it over to another site. Some social networking sites make the problem even worse by blurring the lines between safe and unsafe by asking for usernames and passwords to third-party accounts, but you just can never know with 100% certainty which sites are legitimate and which ones aren’t.
— Al Iverson

Related Posts

12% of email recipients respond to spam

Twitter and some of the other delivery blogs are all abuzz today talking about the consumer survey released by MAAWG (pdf link, large file) looking at end user knowledge and awareness of email security practices.
The survey has a lot of good data and I strongly encourage people to look at the full report. There are a couple of results that are generating most of the buzz, including the fact that nearly half of the respondents have clicked on a link or replied to a spam email. Additionally, 17% of respondents said they made a mistake when they clicked on the link.
The magic statistic, though, is that 12% of the respondents said that they responded to spam because they were interested in the products or services offered in the spam. This, right there, is one of the major reasons why spam continues and is a growing problem. Out of 800 people surveyed, almost 100 of them were interested enough in the products sold by spam to respond positively. There are roughly 1.6 billion people on the Internet, which gives spammers a market of 200 million people for their spam.
Other studies have seen similar responses; that is, consumers do respond to spam. Most surveys don’t define spam, however, and given that a lot of consumers call “mail I don’t like” or “all commercial email” spam, it’s hard to know what the respondents are responding to. In some studies, some respondents even defined mail from companies that they had given their email address to, but had not explicitly asked for email from, as spam. In this study MAAWG did ask how the respondent defined spam. Of the respondents, 60% say spam is mail they did not solicit, and 41% say spam is mail that ends up in the spam folder. Given that 60% of respondents define spam as “unsolicited email” it is possible that some people are responding to mail they never requested.
Sad news for those of us who were hoping that lack of consumer response would make spamming unprofitable enough that spammers would stop.
The crosstab between “how do you define spam” and “how do you react to spam” may be an interesting data set to see.


McColo goes offline

Last week a major player in the botnet arena was taken offline when they were shut down by their upstream provider. With the demise of McColo, there has been a 30–50% drop in the amount of spam as measured by any number of different techniques. The CBL team has posted an article about their view of the McColo disconnection, which includes links to press articles about the shutdown. Spamhaus has their own take on the shutdown and another collection of links to articles about the shutdown.
In my own mailbox, I have noticed a drastic decrease in the amount of spam over the last week. I am too jaded to expect that the change is permanent, but it is nice while it lasts.
