Wednesday, February 24, 2010
Twitter Phishing Plus: Social Media Attacks on Rise
And it can take a serious toll on identity theft victims who may use the same password for multiple websites.
The cyber criminals are getting more precise – instead of relying on “blanket” tactics – with the help of Twitter, Facebook and other sites that can serve as goldmines of personal information, according to Cyveillance, the Arlington, VA.-based firm which provides online security services to Fortune 500 companies.
And new such social media sites are springing up regularly. Case in point, Blippy, a Twitter-like site that tracks credit card purchases at certain retailers once a user links up a card of choice to the service.
“Cyber criminals are focusing their efforts on developing more sophisticated and targeted attacks rather than using a far reaching blanket approach, in order to reap greater financial rewards,” said Panos Anastassiadis, chief operating officer at Cyveillance.
Phishing attacks is when online fraudsters send emails appearing personal, but are actually fishing expeditions for your log-in information that might get them credit card or bank account numbers, or other vital pieces of identification.
The recent Twitter attacks are good examples of the troubling trend.
Direct messages to Twitter users are asking “This you????” — followed by a link. Once you click on the link, you are taken to a fake Twitter login page.
If you make it that far, “hackers are just waiting for you to hand over your credentials,” writes Graham Cluley, senior technology consultant at Sophos.com, a leader in network security solutions for organizations. “In fact, they can automatically post the phishing message from your account as soon as you hand over your details.”
But hacking into your Twitter account is not the worst part, Cluley said. A third of social media users have the same password on other websites, which could include sites with financial information, such as PayPal, the leading payments processor for online purchases.
“It’s bad enough if hackers gain control of your Twitter account, but if you also use that same password on other websites (and our research shows that 33 percent of people do that all of the time) then they could access your Gmail, Hotmail, Facebook, eBay, Paypal, and so forth,” Cluley said. ecreditdaily