
Social network phishing rose in January

GFI Software : 15 February, 2013 (Technical Article)
The VIPRE Report from GFI Software for January reveals an increase in the use of direct message phishing attacks using the social networking sites Twitter and LinkedIn.

GFI Software has released its VIPRE Report for January 2013, a collection of the 10 most prevalent threat detections encountered last month. In January, GFI threat researchers identified a number of social network-based cybercrime attacks, including phishing messages on Twitter and Facebook, as well as malicious spam messages disguised as event invites on LinkedIn.

“As the brands of popular social networking sites become more engrained in our culture, their value to cybercriminals looking for new ways to disguise their attack campaigns will only increase,” said Christopher Boyd, senior threat researcher at GFI Software. “More and more young people entering the workforce think of social networking as a standard part of everyday life. By focusing their efforts on these sites, cybercriminals can increase their chances of fooling a larger number of users to unknowingly download malware onto their PCs and mobile devices. As a result, these users end up providing social network account information that can be used to reach even more potential victims.”

A number of Twitter users found themselves targeted by a direct message phishing campaign in January. The messages claimed that the victims were being singled out by a Twitter account that was spreading “nasty blogs” about them. The links contained in the messages led to a site that mimicked the official Twitter login screen. Users who unwittingly entered their account information without first looking at the page URL were sent to a 404 error message and then redirected to the legitimate Twitter login screen in an effort to fool them into thinking that they had simply encountered a problem on the real site.
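
The sequence described above (credentials posted to a look-alike page, a 404, then a bounce to the real login screen) leaves a recognisable trail in web proxy logs. The following detection sketch is an added example, not part of the GFI report; the log record layout, the `/login` path, the 30-second window and all sample hosts and addresses are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: hosts that legitimately serve the login page.
LEGIT_LOGIN_HOSTS = {"twitter.com", "www.twitter.com"}
LOGIN_PATH_PREFIX = "/login"   # assumed path of the real login screen
WINDOW_SECONDS = 30            # assumed gap between fake form post and bounce

# Constructed proxy records: (epoch_seconds, client, method, url, status)
SAMPLE_LOG = [
    (1000, "10.0.0.5", "GET",  "http://twittler-login.example/login", 200),
    (1012, "10.0.0.5", "POST", "http://twittler-login.example/login", 404),
    (1015, "10.0.0.5", "GET",  "https://twitter.com/login", 200),
    (2000, "10.0.0.9", "POST", "https://twitter.com/sessions", 302),
    (2001, "10.0.0.9", "GET",  "https://twitter.com/", 200),
    (3000, "10.0.0.7", "POST", "http://forum.example/reply", 200),
    (3300, "10.0.0.7", "GET",  "https://twitter.com/login", 200),
]


def is_legit(url):
    """True only when the URL's exact host is on the allowlist."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host in LEGIT_LOGIN_HOSTS


def find_credential_bounces(records, window=WINDOW_SECONDS):
    """Return (client, untrusted_host, post_time) for each POST to a host
    outside the allowlist that is followed, within `window` seconds, by the
    same client loading the legitimate login page."""
    last_post = {}  # client -> (time, host) of the most recent untrusted POST
    hits = []
    for ts, client, method, url, _status in sorted(records):
        parts = urlsplit(url)
        if method == "POST" and not is_legit(url):
            last_post[client] = (ts, parts.hostname)
        elif (method == "GET" and is_legit(url)
              and parts.path.startswith(LOGIN_PATH_PREFIX)):
            seen = last_post.pop(client, None)
            if seen and ts - seen[0] <= window:
                hits.append((client, seen[1], seen[0]))
    return hits


if __name__ == "__main__":
    for client, host, when in find_credential_bounces(SAMPLE_LOG):
        print(f"{client}: form post to {host} at {when}, then real login page")
```

A hit identifies an account whose password should be reset and a host worth blocking at the proxy.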

Facebook users were the targets of a similar spam message, this one claiming that the victims had violated the social network’s policies by “annoying or insulting” other users, and ordering them to reconfirm their accounts to avoid being banned from the site. Users who clicked on the link contained within the message were taken to a page explaining that they had to complete a “security check” by entering personally identifiable information and Facebook login credentials, as well as revealing which webmail service was linked with their Facebook accounts. Finally, each user was prompted to enter the first six digits of their credit card, regardless of whether or not they had purchased Facebook credits in the past. After entering the first six digits, victims were required to provide the rest of the card number in order to “verify” their account, before having the hijacked accounts send out the same phishing message to their lists of Facebook friends.

Elsewhere, on the popular professional networking site LinkedIn, members who identified themselves as business owners received spam emails notifying them that an employee had sent them an event invitation. Clicking on the links in the email directed the victims to malicious sites containing malware that exploited unpatched vulnerabilities on their systems. Users who did not click on the malicious links or who kept their third-party software up to date were less at risk of infection.

   © 2012 ProSecurityZone.com