Cyber criminals heavily target social networkers

19 Jan 2011

Scams and attacks like clickjacking and surveys, unheard of a few years ago, are now popping up on a daily basis on social networks like Facebook and Twitter, resulting in ordinary people facing unprecedented levels of attention from hackers, Sophos warned today.

Sophos’ Security Threat Report 2011 analysed cyber crime over the past year and charted user experience of social networking, particularly in the workplace.

By mid-2010, Facebook recorded half a billion active users, making it not only the largest social networking site, but also one of the most popular destinations on the web. In less than half a year, it has grown by a further 100m people to reach 600m.

Unsurprisingly, this massive and committed user base is heavily targeted by scammers and cyber criminals, with the number and diversity of attacks growing steadily throughout 2010 – malware, phishing and spam on social networks have all continued to a rise in the past year. The survey also found:

  • 40pc of social networking users have been sent malware, such as worms via social networking sites, a 90pc increase since the summer of 2009
  • Two-thirds (67pc) say they have been spammed via social networking sites, more than double the proportion less than two years ago
  • Some 43pc have been on the receiving end of phishing attacks, more than double the figure since 2009.

Most workplaces allow unrestricted access to social networks

“Rogue applications, clickjacking, survey scams – all unheard of just a couple of years ago, are now popping up on a daily basis on social networks, such as Facebook,” said Graham Cluley, senior technology consultant at Sophos.

“Why aren’t Facebook and other social networks doing more to prevent spam and scams in the first place? People need to be very careful they don’t end up being conned for their personal details, or get tricked into clicking on links that could earn money for cyber criminals or infect innocent computers.”

Although results vary across the individual networks of Facebook, Twitter, MySpace and LinkedIn, the latest poll suggests that half of those surveyed have been given unrestricted access to social networks at work.

Paradoxically, 59pc believe employee behaviour on social networking sites could endanger corporate network security, and 57pc worry that colleagues are sharing too much information on social networks.

“Total bans on users accessing social networking sites are becoming rarer, as more firms recognise the value such sites can bring in raising brand awareness and delivering social media marketing campaigns,” explained Cluley.

“If your business isn’t on Facebook, but your competitors are, you are going to be at a disadvantage. But you have to be aware of the risks and secure your users while they’re online.”

Although 82pc of the survey’s respondents felt that Facebook posed the biggest risk to security, Sophos has labelled an attack on the Twitter microblogging network as the biggest single social networking security incident of 2010.

The infamous ‘onMouseOver’ Twitter worm hit the Twitter site in September 2010, and spread like wildfire. The cross-site-scripting (XSS) attack demonstrated how quickly a vulnerability on a social network can affect a huge number of users. High-profile victims included former British prime minister’s wife Sarah Brown, Lord Alan Sugar, and even Robert Gibbs, the press secretary to US President Barack Obama.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years