
Click safe

First Published: Tue, Sep 27 2011. 09 51 PM IST

Beware: Watch out for malware designed to steal your personal information. By Raajan/Mint
Updated: Tue, Sep 27 2011. 09 51 PM IST
Your friend just messaged you on Twitter with a must-read link on social activist Anna Hazare’s campaign. Another one said “Hi” to you on Facebook chat and then posted a link, telling you it’s a super-funny video, and you just have to see it. Would you think twice before clicking on any of these links?
Do.
Both of them might be malware, designed to steal your personal information.
Rotimi Bose, 19, a student based in Kolkata, thought she had a chance to win a Dell laptop through a link on her Facebook Wall, posted by one of her classmates. Curious, she clicked the link to find a simple survey with some personal questions; at the end of it, she would get a free laptop. As soon as the page opened, the “free” laptop link got posted automatically on her Wall and those of her friends. The survey asked her for her email ID, mobile number, address and other personal details. She put those in without questioning who was doing the survey. Since then, she has been getting calls from a “bank” soliciting money for her “free” laptop.
“Social networking sites are vulnerable to attacks because of their open nature that encourages users to share information,” explains Shantanu Ghosh, vice-president and managing director, India product operations, Symantec, which provides security, storage and systems management solutions. “Since these sites are becoming popular, the potential number of victims is higher, and more spammers are focusing on these networks.” According to a report, “Sophos Mid-Year 2011 Security Threat Report”, published in July by information technology security and data protection firm Sophos, social networking scams are one of the top security threats this year along with fake antivirus (in which you pay for rogue security software that actually installs malware on your computer instead of protecting it from a virus) and search engine poisoning (when fake websites and malware sites appear among the top sites listed in a search engine’s results).
“The spammers often succeed because many people allow their curiosity to get the better of them and click on nearly every link they see without thinking about the consequences,” explains Ghosh. We are not taught that we should be wary of a “friend request”, that the link posted by a friend might be a malicious one, and this is how we become more vulnerable, he says, pointing to Symantec’s “Internet Security Threat Report XVI”, prepared after monitoring about half a million public social networking profiles in 2010 and released earlier this year. According to the report, 73% of all links posted by “friends” on users’ walls were actually scams or malicious applications. So one out of every six messages you get with a link in it is a malicious one.
Once the scammers have details like your cellphone number, email ID or, in a worst-case scenario, your bank account details, they sell these to other fraudulent marketing companies online, which will flood your phone and inbox with malware links and spam.
“A glance at the address bar will usually tell the user if he is on a fake site: typos, odd words or phrases and IP numbers in the URL are common giveaways, but many of us are not aware of these things,” adds Ghosh. Read on to know more about the most common scams on social networks.
Clickjacking
Day 5 of the Second Freedom Struggle for the Jan Lokpal Bill. See <LINK>
BREAKING NEWS: Lil Wayne Nearly Dies In FATAL Car Crash! See <LINK>
Stay at home mom turns $97 into 6000. See <LINK>
Be it political, shocking, outrageous, hilarious or interesting, all these links that keep cropping up on your Facebook Wall, LinkedIn pages or Twitter feed have one thing in common. They want to gain your interest and induce you to “click”. The button you are going to click might say LIKE or PLAY but it is actually a dummy button—and beneath it is a link you cannot see. This technique, called clickjacking, can be used to make you unknowingly click something as simple as LIKE for a site in an underhand viral marketing scam, or can be as sinister as getting permission to make all your private information public without your knowledge. “Since you can’t see the clickjacker’s hidden link, you have no idea what you’re really doing,” writes the report “A Guide to Facebook Security”, which Facebook released in August after an increase in attacks on the website. “You could be downloading malware or making all your Facebook information public without realizing it.”
Avoid it: Reduce the risk by keeping your Internet browsers updated, since they come up with updates to block risky links thrown in by scammers. In Firefox, you can install the NoScript add-on (http://noscript.net/), which blocks all scripts, plug-ins, and other code on Web pages that could be used to attack your system during visits. The only downside is that this cuts off the positive scripts you might have running as well, but the pros outweigh the cons. For Opera and Chrome, there’s a similar add-on called NotScripts.
Malicious script
“Use our unique code to reveal who has been stalking you!” If the only way you can reveal who’s stalking you on Facebook or Twitter is by copy-pasting code into your browser’s address bar, you have just landed yourself malicious code. In all probability, the script will link you to a spam website and, instead of showing you what was advertised, it will use your account to create events and pages and send your friends spam.
Avoid it: Never copy and paste text into your Internet browser address bar if you are unsure of what it is.
Online survey
Through increasing “footfall” on websites by making you click on a website’s page or organizing surveys and competitions, the spammers make money while sending you off on wild-goose chases for a “free” product. This is how it’s done. The spammers create public events on Facebook and invite millions of users to join in. Embedded instructions in the “More info” section of the event’s summary lead the unsuspecting Facebook user to visit Web pages designed to earn money for those behind the scheme. Sophos researchers have discovered that such bogus events, promoting revenue-generating scams that put cash into the pockets of spammers, have targeted over 10 million Facebook users recently. Another method is to offer something free for a simple survey, like the “Get A Free Dell XPS M1530!” Once you click on the link, you are presented with a quick survey which includes personal details like your address, phone numbers and date of birth. Once given, this information is shared with marketers to “not only spam your Facebook account, but also harass you via snail mail, phone calls and text messages”, according to www.facecrooks.com, a vigilante site on Facebook scams.
Avoid it: Don’t click on tempting event pages or “free” offers. Nothing is free. Ever. If you have made the mistake of clicking, go to your Facebook wall and clean your newsfeed of all the fraudulent links that will be posted automatically for your friends.
Account theft
@abcwrite ‘Twitter finally released an app that tracks your “Stalkers” get it here <LINK>’. If you click on the link, you are taken to what appears to be a legitimate Twitter page that asks you to “Authorize” the app to use your account. It then asks for your username and password. Once you have put that in, you have handed over your account to phishers, who would then be able to use it to read your private messages and send messages (perhaps spam-related or containing malicious links) to your followers. Fake login screens are the most common way of getting your account information. Scammers might try to catch you off-guard and hit you with the fake login while you’re actually using sites like Facebook. It could be a malicious application or simply a link which asks you to log in again. The attack on your account information can also come through emails.
Avoid it: Always check the browser’s URL before you put in your username and password for any app authorization or for relogging purposes (relogging means reconnecting). Sometimes you think you have logged out by mistake and then log in thinking you are on the same website, but you are actually on a fraudulent website. Smart spammers use addresses like Facbook.com to make you think it’s the actual one. Also, both Facebook and Twitter do not share your account username and password with third-party apps any more.
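The address-bar check described above, together with Ghosh's earlier point about typos and IP numbers in the URL, can be automated. The following is an added example, not part of the original article; the list of known sites, the function names and the sample URLs are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed list of sites the user really logs in to (illustrative only).
KNOWN_SITES = ("facebook.com", "twitter.com")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def url_giveaways(url, known=KNOWN_SITES):
    """Return warnings for a login-page URL; an empty list means none found."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return ["no host in URL"]
    try:
        ipaddress.ip_address(host)
        return ["host is a raw IP address"]
    except ValueError:
        pass  # not an IP literal, so treat it as a domain name
    # Simplification: the last two labels stand in for the registered domain.
    domain = ".".join(host.split(".")[-2:])
    if domain in known:
        return []
    warnings = []
    for site in known:
        if edit_distance(domain, site) <= 2:
            warnings.append(f"{domain} is a near-miss of {site}")
        elif site in host:
            warnings.append(f"{site} appears inside unrelated host {host}")
    return warnings

# Constructed sample URLs; only Facbook.com comes from the article.
SAMPLES = ("https://www.facebook.com/login.php",
           "http://www.Facbook.com/login.php",
           "http://192.0.2.10/facebook/login",
           "http://facebook.com.account-verify.example/login")

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", url_giveaways(sample) or "no giveaways")
```
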
Phishing through games and apps
Phishing is an attempt to trick you into revealing personal information or financial data. Since allowing apps to access your information on Facebook is common practice, games and apps are two of the most common features of Facebook used for phishing. The scammers offer “cheats”, “hacks” or “free game points” for a particular popular game or even “free credits” or “free virtual objects” for a particular app on Facebook. “A lot of these things that promise to turn you into a great gamer are really designed to steal your personal information,” warns the Facebook security report. If you fall for it, the spammer lures you into either downloading malware or relogging by furnishing your account username and password. Once your account is hacked, it sends spam to your friends.
Avoid it: Never download and run things that are floating in the social network world. If you want to download an app, go to its official URL and download it from there. If you have already run something malicious by mistake, immediately switch off your Internet and restart your computer. Then run a complete system scan with a trusted and reputable antivirus program.
Write to us at businessoflife@livemint.com