12 May 2011

Cyber scams rife at social networks

Social networks are “lucrative hot beds” for cyber scams as crooks endeavour to dupe members of online communities, according to a Microsoft security report released on Thursday.

“Phishing” attacks that use seemingly legitimate messages to trick people into clicking on booby-trapped links, buying bogus software, or revealing information rocketed 1 200% at social networks last year, it said.

“We continue to see cyber criminals evolve attack methods such as a significant rise in social network phishing,” Microsoft malware protection centre manager Vinny Gullotto said in the Security Intelligence Report.

Phishing using social networking as a “lure” represented 84,5% of all such trickery in December as compared with 8,3% at the start of 2010, according to the report.

Microsoft analysed data gathered from more than 600-million computer systems worldwide from July through December of last year for the semi-annual study.

“The popularity of social networking sites has created new opportunities for cyber criminals to not only directly impact users, but also friends, colleagues and family through impersonation,” the report said.

“These techniques add to an existing list of social engineering techniques, such as financial and product promotions, to extort money or trick users into downloading malicious content.”

Social engineering refers to fooling people in order to gain access to machines or data, instead of trying to hack into networks using software skills.

Microsoft noticed a “polarisation” of cyber criminal behaviour and a surge in the use of “marketing-like” deception tactics to steal money from people.

“On one side, highly sophisticated criminals skilled at creating exploits and informed with intelligence about a target’s environment pursue high-value targets with large payoffs,” the report said.

“On the other side, there are cyber criminals using more accessible attack methods, including social engineering tactics and leveraging exploits created by the more skilled criminals, to take a small amount of money from a large number of people.”

Criminals used malicious software to trick people with false advertisements, fake security software, and pay-per-click schemes that generate cash when internet links are activated, according to Microsoft.

Detections of software crafted to infect machines with pop-up advertisements meanwhile rose 70% from the middle of last year to the end of December, the report indicated.

“With more consumers and devices coming online every day, cyber criminals now have more opportunities than before to deceive users through attack methods like adware, phishing and rogue security software,” said Graham Titterington of Britain-based analyst firm Ovum.

“It’s becoming increasingly difficult for consumers to decipher legitimate communications and promotions given the sophistication of tools criminals are using.”

Rogue security software, referred to as “scareware”, was one of the most common ways for cyber criminals worldwide to bilk people out of money and steal information from computers.

The ploy seeks to dupe Internet users by pretending to find viruses and other problems on computers and then offering to sell a program to fix the situation. The software being hawked is a virus.

Computer users were advised to guard against threats by keeping programs updated, using reputable security software, and not clicking links or opening files without making certain they are safe. — AFP