Thursday, May 17, 2007

Targeting social networks, it just works...!!

In an insightful interview captured on the ha.ckers.org site, a phisher emphasizes the benefits of targeting users of social networking sites such as MySpace, Facebook, LinkedIn, and so on. He claims that his efforts yield him $3,000-$4,000 per day. (If you have any data supporting or refuting this figure, please let us know.)

The phisher's money-making activities involve the following actions:

* Capturing logon credentials via a fake social networking site that resembles the one being spoofed.
* Using captured contact information or compromised accounts to send advertising, profiting from Cost Per Action (CPA) deals.
* Accessing the victim's email accounts using captured logon credentials. (Most people use the same credentials on multiple sites.)
* Using compromised email accounts to gain access to commercial sites such as PayPal, E-gold and eBay, and selling access to those accounts.

Why focus on users of social networking sites? Because social networks provide a trusting context within which the victims will be more likely to take the phisher's bait. Ultimately, this means that the phisher's activities will yield higher profits.
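As an added illustration (not part of the original diary, and not code from any of the sites named above), the following Python heuristic looks at the first item in the list from the defender's side: it flags a message that invokes a social-networking brand when its links lead somewhere other than that brand's own domain, which is the tell-tale shape of the fake logon page described above. The brand list, the sample message and every host name in it are constructed for the example.

```python
"""
Added example (not part of the original diary): flag messages that name a
social-networking brand while linking to hosts the brand does not own.
All domains, the brand table and the sample message are constructed.
"""
import re
from urllib.parse import urlparse

# Constructed table: brand keyword -> the registrable domain that legitimately
# uses it. A real deployment would load this from a maintained list.
BRAND_DOMAINS = {
    "myspace": "myspace.com",
    "facebook": "facebook.com",
    "linkedin": "linkedin.com",
    "paypal": "paypal.com",
}

# Plain http/https URLs up to the next whitespace or quote character.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def registrable_domain(host: str) -> str:
    """Last two labels of a host: 'login.myspace.com' -> 'myspace.com'.
    Two labels is a simplification that ignores suffixes such as co.uk."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def brands_mentioned(text: str) -> set:
    """Brand keywords that appear anywhere in the message text."""
    lowered = text.lower()
    return {brand for brand in BRAND_DOMAINS if brand in lowered}


def suspicious_links(message: str) -> list:
    """Return (url, reason) pairs for links that borrow a claimed brand's
    name but do not resolve to that brand's registrable domain."""
    findings = []
    claimed = brands_mentioned(message)
    for url in URL_RE.findall(message):
        parsed = urlparse(url)
        host = parsed.hostname or ""
        reg = registrable_domain(host)
        for brand in claimed:
            legit = BRAND_DOMAINS[brand]
            if reg == legit:
                continue  # the link really goes to the brand's own domain
            if brand in host:
                # brand used as a subdomain or inside a lookalike host name
                findings.append((url, f"host '{host}' uses '{brand}' but is not {legit}"))
            elif brand in parsed.path.lower():
                findings.append((url, f"path mentions '{brand}' on unrelated host '{host}'"))
    return findings


# Constructed sample: a "new message" lure with one genuine link and two decoys.
SAMPLE_MESSAGE = """\
Hi Ann, your MySpace friend Bob sent you a new message!
Log in to read it: http://myspace.com.profile-check.example/login
Photos from the party are at http://www.myspace.com/bob_photos
Unsubscribe: http://mailer.example/myspace/unsubscribe
"""


def analyze_sample() -> list:
    """Run the heuristic over the constructed sample message."""
    return suspicious_links(SAMPLE_MESSAGE)


if __name__ == "__main__":
    for url, reason in analyze_sample():
        print(f"SUSPICIOUS {url}: {reason}")
```

Of the three links in the sample, only `www.myspace.com` passes; the host that merely starts with `myspace.com.` and the unrelated host that hides the brand in its path are both reported. The two-label domain rule and the keyword match are deliberately simple: a message that points at a URL shortener or a host with no brand text at all is not caught by this check and needs other signals (sender authentication, reputation of the destination).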

One such campaign was made public in February, when MySpace sued Scott Richter for allegedly compromising MySpace accounts via phishing schemes and then using MySpace to send unsolicited messages to the victims' friends advertising Polo shirts, ringtones, and other products.

According to an Indiana University study, 72% of individuals who received phishing messages spoofed to come from their social network acquaintances were fooled. In contrast, only 15% of the recipients were fooled when the messages came from an unknown party. Clearly, scammers have a strong incentive to data-mine social networks when crafting phishing campaigns. As I mentioned in a diary a while back, social networking sites have a small neighborhood feel that makes the participants comfortable with revealing personal details that make attacks more effective.

The inclusion of personal details in phishing messages seems to be on the rise. For instance, MessageLabs observed an increase in the number of phishing messages that include personal details such as names, addresses and zip codes. This data can be harvested from social networking sites with relative ease using website crawlers or website worms, such as those that have targeted MySpace and Orkut.

An attacker wishing to use a social network for a targeted attack can gain access to profile information with relative ease even without compromising accounts. In a study conducted by CSIS Security Group, a researcher set up a test account on LinkedIn and specified in the profile that he worked at the large company he had selected as the target for the case study. He was able to use the account to connect to other LinkedIn users from the same company, and even received unsolicited invitations from the employees to link to them. In less than two weeks, he was able to build a substantial network with email addresses, names, and other information about companies he could target in a subsequent attack.

According to a CA/NCSA study, 73% of adults who use social networking sites have given out personal information such as email address, name and birthday. Apparently, some even provided their social security number. Almost half of the respondents chose not to restrict access to their profile, even though they knew how to do that.

What can you do to mitigate the risks of social networks being used to aid in an attack against you or your organization? We're open to suggestions, but here are a few ideas that come to mind:

* Limit the information you make available in profiles on social networking sites.
* Restrict who can view your profile to the individuals you trust.
* Only accept "let's connect" invitations from people you trust to see your profile information.
* Educate users in your organization about the risks of using social networking sites promiscuously.
* Create enforceable policies in your organization governing the use of social networking sites. (Sometimes a bit of guidance can go a long way.)

19 comments:

Anonymous said...

Wow that was unusual. I just wrote an extremely long comment but after I
clicked submit my comment didn't show up. Grrrr... well I'm not writing all that over again.
Anyways, just wanted to say excellent blog!
Feel free to visit my web page; abc.com Dancing with the stars

Anonymous said...

Hello There. I found your weblog the usage of msn.

This is a very smartly written article. I will be sure to bookmark it and return to read
more of your helpful info. Thanks for the post.
I will definitely comeback.

Check out my blog - ver champions league gratis

Anonymous said...

Have you ever considered about adding a little bit more than just your articles?
I mean, what you say is important and all. However just imagine if you
added some great visuals or videos to give your
posts more, "pop"! Your content is excellent but with pics and clips, this site could undeniably be one of the greatest in its niche.
Very good blog!

Feel free to surf to my web blog Addall Books Second Hand

Anonymous said...

Excellent write-up. I absolutely love this site. Keep writing!


Also visit my weblog - Lern-Online.Net

Anonymous said...

Hi, i think that i saw you visited my web site thus i came to "return the favor".
I am trying to find things to improve my site!
I suppose its ok to use a few of
your ideas!!

Also visit my site hotmail

Anonymous said...

This is really interesting, You are a very skilled blogger.
I have joined your rss feed and look forward to
seeking more of your great post. Also, I've shared your site in my social networks!

Stop by my webpage; right hotmail support

Anonymous said...

It's going to be end of mine day, except before finish I am reading this impressive article to increase my experience.

Have a look at my web blog; live hotmail

Anonymous said...

If some one wants to be updated with hottest technologies afterward he must pay a visit to this site and be up to date everyday.



Also visit my web blog ... abrir cuenta facebook

Anonymous said...

Just wish to say your article is
as amazing. The clearness in
your submit is just spectacular and that i can suppose you are a professional on this subject.
Well along with your permission allow
me to snatch your RSS feed to stay up to date with
drawing close post. Thank you 1,000,000 and please keep
up the rewarding work.

Also visit my website - Http://crearfacebook.Webs.com/

Anonymous said...

It's awesome to go to see this website and reading the views of all friends about this article, while I am also zealous of getting know-how.

Feel free to visit my web blog; facebook cuenta gratis

Anonymous said...

Amazing! This blog looks just like my old one!
It's on a completely different topic but it has pretty much the same page layout and design. Outstanding choice of colors!

Feel free to surf to my page crear Facebook

Anonymous said...

Thanks in favor of sharing such a nice thought, piece of writing is nice, thats why i have read
it fully

My webpage; crear facebook

Anonymous said...

constantly i used to read smaller content that as well clear their motive, and that is also happening with this paragraph
which I am reading now.

my site; abrir cuenta facebook

Anonymous said...

Way cool! Some extremely valid points!

I appreciate you writing this post plus the rest of the website
is very good.

My site: crear facebook gratis

Anonymous said...

Aw, this was a really nice post. Taking the time and actual effort to make a great article…
but what can I say… I hesitate a lot and never seem to get anything done.


Visit my web-site ... www.morrismorris.com

Anonymous said...

We're a bunch of volunteers and opening a brand new scheme in our community. Your website provided us with useful information to work on. You've done a formidable
process and our whole neighborhood will be thankful to you.


Also visit my webpage abrir cuenta facebook

Anonymous said...

Thanks in favor of sharing such a good opinion, post is good,
thats why i have read it completely

my web blog - www.theonc.org

Anonymous said...

Magnificent website. Plenty of helpful information here. I'm sending it to a few buddies and additionally sharing in
delicious. And naturally, thanks to your sweat!

My web blog: GCBX Diets

Anonymous said...

"Megan really educated herself big-time so she really understood the safe boundaries of how to exercise and eat well," said
Pasternak, whose clients include Halle Berry, Lady Gaga, and Jessica Simpson.
This happened because of our turtle-like evolution as well as the world's modernization.

This soup is really nice because it is strongly recommended to help you have a better body.


Here is my web page paleo diet meal plan