I saw this article over on AccountingWeb about how social networking sites are increasingly becoming vectors for identity theft and other attacks. Echoing something we have discussed on this blog before, they noted that having a lot of information about yourself online has drawbacks – specifically allowing identity thieves (and CIA) to collect it in support of their identity theft attempts. Also, social networking sites can host links to malware.
In the article they mention one attack where clicking on a MySpace friend request results in a pop up windows that is supposed to look like a Windows Update window. I was particularly amused by McAfee‘s somewhat silly suggestion “One way to guard against such attacks is to minimize your browser. If the dialogue box disappears, it is probably an impostor.” Now that is some useful, general purpose online security advice! If we can’t teach people to look for lock icons when the browser is talking over HTTPS, I don’t think we’ll be able to train them to make decisions based on which windows minimize at various times.
If you recall, more attacks on and via social networking sites was one of my Top 5 predictions for 2008. Barely a week after that post we’re already seeing some confirmation. Making predictions is easy!
–Dan
dan _at_ denimgroup.com
Nice post Dan – Social Networks can certainly be viewed as sitting ducks… With the white labeling frenzy, it sometimes feels like we’re just making it easier.
There are some interesting security measures that are being developed in the SN space though. Maybe they’ll help counter this issue?