Cybercrime Goes Social

<div>The Internet has changed the way we communicate and socialise, especially with the increased popularity of social networks. As social networks gain more presence in the digital world, a growing threat to online users is that cybercriminals will take advantage of these trusted environments to launch their malicious attacks.&nbsp; <br /><br /><strong>The Growing Popularity Of Social Networks</strong><br />Social networks provide infinite opportunities to stay connected with friends and family, and to be informed of the latest news and trends. In a country where 65 per cent of the population and 75 per cent of netizens are below the age of 35 years (Census and IMAI), social media is enabling unprecedented connectivity. Social networks have become such an integral part of our online lives with over 76.1 million social networking users in India, according to eMarketer.<br /><br />With the pervasiveness of social networks in our online world, it&rsquo;s more important than ever to take steps against being the next victim of cybercrime.&nbsp; In India,the Norton Cybercrime Report 2012 found that 80 online adults fall prey to cybercrime every minute and that more than half of online users have fallen victim to cybercrime on social networks. Coupled with the fact that more than half the population (56 per cent) does not understand the risk of cybercrime or how to protect themselves online, Indians are running the risk of being a key targetof cybercriminals. <br /><br /><strong><img width="600" height="272" align="middle" alt="" src="/image/image_gallery?uuid=0e8fe587-d434-46f8-ba04-13faa171efdc&amp;groupId=36166&amp;t=1368781443841" /><br /><br />The New Playground For Cybercriminals</strong><br />Identity theft is akey threat to many social networkusers, as millions of online users use their personal information to register with social networks. The availability of such large amounts ofpersonal data coupled with the trust that people place in their social networksmakes it a rich playground for cybercriminals. <br />&nbsp;</div><div>\While there is greater awareness around threats like spam and phishing,&nbsp; cybercriminals are using more sophisticated forms of malware to steal identities and information from individuals. Ranging from &ldquo;likejacking&rdquo; to shortened URLs being used to mask the malicious destinations of links that claimed to take users to legitimate videos/websites, cybercriminals are getting smarter about leveraging the huge user base and trusted environments of social networks. Not only this, cybercriminals can &lsquo;hijack&rsquo; an online account in a number of ways to view and steal private information, using a number of methods to exploit social networking users. <br />The following are most common:</div><ul><li><strong>Phishing attacks:</strong>&nbsp;Cybercriminals can trick users into giving away their login credentials through fake pages that resemble the login pages of popular webmail or social networking sites.</li><li><strong>Scammers:</strong>&nbsp;Cybercriminals can use compromised or &ldquo;hacked&rdquo; accounts to lure other users into believing that they are receiving messages from a friend, when in fact, they&rsquo;re trying to get money or other information.</li><li><strong>Exploiting User Information:</strong> When users give away their location online with status updates and location-based services, cybercriminals can use this information to target victims offline in &ldquo;the real world.&rdquo;</li><li><strong>Malicious Links:</strong> Cybercriminals plant links that give them access to users&rsquo; web sessions by compromising &ldquo;cookies,&rdquo; or information that is stored after login to validate users&rsquo; credentials.</li></ul><div><br /><img width="550" height="353" align="middle" alt="" src="/image/image_gallery?uuid=02341b15-6cdb-4f0c-819a-1afc7931dde0&amp;groupId=36166&amp;t=1368781483843" /><br /><br /><br />Here&rsquo;s one example of how cybercriminals leveraged Twitter to launch their attacks. Ahead of the iPad 3 launch, some Twitter users who tweeted about the new tablet received targeted replies from scammers offering the new device for free.Links were masked behind URL shortening services and led to affiliate pages asking for personal information, such as email address and shipping information.<br /><strong><br />Future Trends: The Monetisation Of Social Networks Introduces New Dangers</strong><br />As consumers, we place a high level of trust in social media&mdash;from the sharing of personal details, to spending money on game credits, to gifting items to friends.&nbsp; As these networks start to find new ways to monetise their platforms by allowing members to buy and send real gifts, the growing social spending trend also provides cybercriminals with new ways to lay the groundwork for attack. Norton anticipates an increase in malware attacks that steal payment credentials in social networks and trick users into providing payment details, and other personal and potentially valuable information, to fake social networks. This may include fake gift notifications and email messages requesting home addresses and other personal information. <br /><br />While providing non-financial information might seem innocuous, cybercriminals sell and trade this information with one another to combine with information they already have about you, helping them create a profile of you they can use to gain access to your other accounts.<br /><br />Here are some recommended tips for users to stay safe online:</div><ul><li>Don't talk to, or accept friend invitations from unknown senders on social networks, IM, online forums or virtual worlds.</li><li>Don't post your home address, phone number, pictures or other personal details about yourself on public sites &ndash; the information you post will live on these sites forever and can also make you an easier target for creeps and bad guys.</li><li>Do make sure you have a strong password (not your pet&rsquo;s name, birthday or address) and don&rsquo;t share it with anyone &ndash; not even your best friends, and not even &ldquo;just once&rdquo;. Select a password that cannot be easily guessed. Strong passwords have eight characters or more and use a combination of letters, numbers and symbols (e.g., # $ % ! ?). Try not to use the same password for every service you use online, and change passwords on a regular basis, at least every 90 days</li><li>Do create groups of friends, relatives or other special sub-groups of friends on these social networking platforms and share photos, video and comments to the restricted group.</li><li>Do limit the access to your profile from search options and make sure you remove unwanted applications or limit their access to your information</li><li>Do make sure you select the most secure (i.e. https) settings whenever they are offered, and notifications of account access from new devices</li><li>Do maintain an up-to-date browser and operating system. Browsers and operating systems usually improve their security settings and you can benefit from it by updating to the latest ones. Not updating can leave you vulnerable to attacks and could lead to private information being lost or stolen.</li><li>Do use free online tools such as Norton Safe Web Lite which provides a safer search experience by warning you of dangerous Web sites right in your search results, so you can search, browse, and shop online without worry.</li></ul><div><br /><em>(The author is Internet Safety Advocate &amp; Director, Norton by Symantec, Asia</em>)<br />&nbsp;</div>