By Daniel Armao, Security Advisor (Guest blogger)
Last weekend, Twitter users were the target of a “Best Video” scam in which they were tricked into clicking a link and sent to a website designed to download malware using an Adobe Acrobat PDF exploit. The malware installed was the scareware software called System Security. System Security is a fake antivirus product that is designed to trick the user into buying it by using scare tactics such as fake scanning results.
A week before that, Twitter users were affected by a phishing attempt called “Twittercut.” If a Twitter user clicked on the link the user was then redirected to a phishing website that asked for their username and password.
The increased popularity of social networking sites such as Twitter and Facebook have unfortunately led to an increase in social engineering attacks. Most importantly, these attacks are used to gain financial information, obtain a large number of credentials and leverage e-mail services for spamming activities.
So, don’t be fooled. Let’s talk about the most common ways users are fooled on social networking sites.
- Links can lead you to malicious material such as hidden drive-by downloads that attempt to silently install software onto your computer without you doing anything or knowing about it.
- Links can also lead you to a phishing site designed by scammers to trick a user into revealing confidential information such as account passwords for banking or social networking sites.
- There are downloads that seem perfectly safe, such as a video, screensaver (screensavers are the most notorious) or some even offer to give you security protection, but they are actually malware.
- A link from a friend might not be safe either. Your friend’s computer could have been infected and now is part of a botnet being used to send malware and dangerous links.
- Tweeters often use URL shortening services such as tinyurl.com to obtain a shorter URL that fits within the 140 characters restriction. This means you don’t know what site your are really going to until you are there.
How to protect yourself:
- Do not click on suspicious links.
- Be smart about what links to trust or not:
· Confirm the link. Hover your mouse over the link to see at the bottom of your browser window where it really goes – the text might say “Wells Fargo Bank” but the link might go somewhere else entirely (for example, the link looks like Google, but it’s not).
· Make sure the URL is correct on the address bar of the browser. The safest thing to do if you are not sure is to type the correct website address manually. Be extra cautious if you receive the link via e-mail.
· Do not download or install any software, not even codecs for viewing videos, from an untrusted site.
- Last but not least, get protection for your computer and for your web browser. These are two different things.
· ZoneAlarm ForceField provides a protective layer around your browser, shielding you from drive-by downloads, browser exploits and phishing attempts.
· ZoneAlarm Extreme Security combines computer security and browser security into one.
- If you are infected with malware, change your passwords immediately and download and scan your computer with a top security suite. Always verify that the security you would like to download is legitimate by going to PC Magazine or other computer publications (if it is not well known or reviewed by a noted security publication, don’t get it.)
Enjoy the web, do what you want to do. Just be smart about it and get the protection you need or your fun might come to a quick halt.
