I saw this article over on AccountingWeb about how social networking sites are increasingly becoming vectors for identity theft and other attacks. Echoing something we have discussed on this blog before, they noted that having a lot of information about yourself online has drawbacks – specifically allowing identity thieves (and CIA) to collect it in support of their identity theft attempts. Also, social networking sites can host links to malware.
In the article they mention one attack where clicking on a MySpace friend request results in a pop up windows that is supposed to look like a Windows Update window. I was particularly amused by McAfee‘s somewhat silly suggestion “One way to guard against such attacks is to minimize your browser. If the dialogue box disappears, it is probably an impostor.” Now that is some useful, general purpose online security advice! If we can’t teach people to look for lock icons when the browser is talking over HTTPS, I don’t think we’ll be able to train them to make decisions based on which windows minimize at various times.
If you recall, more attacks on and via social networking sites was one of my Top 5 predictions for 2008. Barely a week after that post we’re already seeing some confirmation. Making predictions is easy!
dan _at_ denimgroup.com