The popularity of social networking sites such as Facebook, Twitter and LinkedIn continues to grow dramatically, but not just with users. Cybercriminals are increasingly targeting these sites and their troves of sensitive, personal information.
ICSA Labs offers these helpful tips on how consumers can enjoy social networking while protecting themselves from security threats:
Be wary of worms, Trojans and botnets that can infect and take control of your computer. Once attackers control a computer, their access to sensitive documents and personally identifiable information poses a significant threat to users. The Koobface worm, for instance, infected hundreds of thousands of Facebook users in June. Users received a video claiming to be from a Facebook friend, but after they downloaded the video, the worm distributed the malware to the user’s Facebook friends and granted attackers full access to the user’s computer.
If you receive a request to connect from someone you do not know, do not accept it. Trojans are infamous for tricking victims into providing sensitive information and are increasingly surfacing on social networking websites. By taking over a user’s contacts or “friend” list, the Trojan sends invitations to the user’s friends to try to infect their computers as well. The ZeuS Trojan is one example of malware that is remotely controlled by criminals who infect computers, wait for users to log on and then try to gain access to their bank accounts.
Do not share too much personal information. Attackers can easily piece together different bits of information posted to Facebook and other sites and compile a complete profile of an individual’s identity, especially using birth date information. With this knowledge, hackers can trick users with targeted information that only a “friend” would know.
To safeguard against misuse of personal information, it is important for users to review and understand the privacy policies on social networking sites to make sure they disclose personal information. In addition, users should regularly check their credit report and other financial statements to verify their identity is unharmed.
Be careful where you click. Just because a link came to a user from someone the user knows, a “friend,” does not mean it is safe. Users can easily check by hovering over the link for a moment before clicking to verify that the Web address is legitimate. Link shorteners, such as bit.ly and tinyurl, are becoming common and make attackers’ jobs even easier as they try to mislead victims into clicking on malicious links, because a shortened link hides the real destination address.
Use and frequently update security software. Updating security software is the simplest way to protect a computer from threats such as worms, viruses, Trojans and clickjacking. Users should make sure that their anti-virus, firewall and anti-spyware products are up to date and that they have installed the latest software upgrades.