By Stephanie Chen, CNN
(CNN) -- (CNN) -- If you're on Facebook, Twitter or any other social networking site, you could be the next victim.
Experts say cybercrooks are lurking just a mouse click away on popular social networking sites.
That's because more cyberthieves are targeting increasingly popular social networking sites that provide a gold mine of personal information, according to the FBI. Since 2006, nearly 3,200 account hijacking cases have been reported to the Internet Crime Complaint Center, a partnership between the FBI, the National White Collar Crime Center and the Bureau of Justice Assistance.
It starts with a friend updating his or her status or sending you a message with an innocent link or video. Maybe your friend is in distress abroad and needs some help.
All you have to do is click.
When the message or link is opened, social network users are lured to fake Web sites that trick them into divulging personal details and passwords. The process, known as a phishing attack or malware, can infiltrate users' accounts without their consent.
Once the account is compromised, the thieves can infiltrate the list of friends or contacts and repeat the attack on subsequent victims. Social networking sites show there is ample opportunity to find more victims; the average Facebook user has 120 friends on the site.
"Security is a constant arms race," said Simon Axten, an associate for privacy and public policy at Facebook. "Malicious actors are constantly attacking the site, and what you see is actually a very small percentage of what's attempted."
Social Media Crimes
As some social networking sites experience monstrous growth, they are becoming a new -- and extremely lucrative -- frontier for cybercrime. Facebook says it has 300 million users, nearly the size of the U.S. population, and it continues to attract users outside the college student niche. From February 2008 to February 2009, Twitter, a micro-blogging site where users post 140-character messages known as tweets, grew 1,382 percent to more than 7 million users.
"They [cybercriminals] are very adept to using social engineering," said Donald DeBold, director of threat research for CA, an Internet security company. "Your friend is in trouble traveling in another country, 'I lost my wallet. I need help.' They exploit the curiosity aspect out of human nature."
A few decades ago, malicious software and viruses were usually the result of a prank, but Internet security experts say today's attacks are profit-driven. A study from the Indiana University in 2005 discovered that phishing attacks on social networks operated with a 70 percent success rate. These users had fallen for the scam, opened the foreign link and released personal information.
Cybercriminals are employing phishing and malware attacks for a number of reasons, including trying to redirect users to sites where profit is fueled by the number of visitors. They also try to elicit private information like passwords and bank account numbers to perform scams.
Early this year,Twitter experienced several phishing attacks in which a Web page that looked identical to the widely recognized light blue Twitter page was a hoax. The company warned users to double-check the URL to ensure they were visiting the correct site.
The Internet Crime Complaint Center received more than 72,000 complaints about Internet fraud in 2008 that were referred to law enforcement agencies for further investigation. These cases involved financial losses amounting to $264.6 million, an increase from 2007. Each person lost an average of $931.
"Most of us would want to help a friend in need, but if it's an online friend, and they want you to wire money, you should double-check," FBI spokesman Jason Pack said.
Security experts said it makes sense that cybercriminals are turning to social networking sites. Personal information is abundant on sites like Facebook and MySpace. Each time users give out valuable information like birth dates or addresses, they could be providing hints about their password, security experts say.
The American Civil Liberties Union has expressed concern about the information visible through Facebook quizzes and applications.
"They'll have access to all that information, so they can sell it, they can share it, they can do an awful lot with it," Chris Calabrese, legislative counsel for privacy-related issues with the ACLU, told CNN.com in September.
Many Internet security experts consider the first virus attack on the PC to have occurred in 1986. By the early 1990s, viruses transmitted on floppy disks became ubiquitous. When the World Wide Web became widely available that same decade, viruses, worms and malware became problems in e-mail accounts, frustrating users who clicked on messages thought to be legitimate.
In the new millennium, the most common form of malware attack has become known as drive-by downloads. While surfing on Google or Yahoo, spyware or a computer virus is automatically and invisibly downloaded on a computer, requiring no user interaction for the computer to be infected.
"We are on the verge from shifting from the Web being the No. 1 victim of infecting to social network," said Mikko H. Hypponen, chief of research technology at F-Secure Corp. His company sells anti-virus software and malware protection programs. "It's going to get a lot worse before it gets better."
Social networks are fighting the aggressive attacks from cybercriminals. Most sites have information pages dedicated to educating users about the risks of Internet scams. Users can become a fan of "Facebook Security" and receive updates on how to protect their accounts. One of the most common pieces of advice given by security experts is to change passwords frequently.
Facebook has also developed complex automated systems that detect compromised accounts. They spot and freeze accounts that are sending an unusually high number of messages to their friends. Company security officials said Facebook is a closed system, which can be helpful in erasing phony messages from all accounts.
At News Corporation's MySpace.com, the company creates blacklists of phony accounts to prevent people from clicking on a faulty link. Hemanshu Nigam, first chief security officer for MySpace, said the firm warns about suspicious links and educates users about the harm phishing and malware attacks can bring. "We are prepared for them," he said.
source: CNN.com
Saturday, October 31, 2009
Defriending can bruise your 'digital ego'
By Breeanna Hare, CNN
(CNN) -- If you harbor a bit of angst over Facebook friend requests gone unanswered, a surprise "defriending" or being deserted by your Twitter followers, you're not alone.
Elaine Fogel has amassed more than 500 connections on LinkedIn, a professional networking Web site, by extending invites to those who appear to fit her wide array of career interests.
"Ninety-nine percent of the time, people just say yes," she said.
But then came "this one woman" who Fogel encountered on one of the 40-plus discussion groups she belongs to on LinkedIn. The woman offered interesting opinions, so Fogel sent her an invitation to join her network.
"She sent an e-mail saying, 'I only connect with people I know, and hopefully our paths will cross one day,' " said Fogel, of Phoenix, Arizona, her voice still carrying notes of disbelief. "I read that, and I said, 'Oh, my God, I've been rejected.' "
Fogel echoes other users who have felt the twinge of hurt and surprise from social media rejection. Some may think hers is an overreaction -- it happened online, with a woman she didn't know -- but recent research shows that our "digital egos" can bruise as easily as we do in person. In fact, rejection online may have the potential to sting even more.
"People tend to think that these relationships are trivial and not very deep, but this is what we're moving towards, having a lot of our communications play out over the Internet," Purdue University social psychologist Kip Williams said. "That's the way it's becoming; this is how we interpret our worth. People care how many [online] friends they have."
Or, increasingly, how many Twitter followers they have. This year, a third-party service launched Qwitter, which allows Twitter users to determine who's stopped following them and which tweet may have turned them off.
Experts say rejection on social networks can hurt worse than an in-person snub because people are usually more polite face-to-face than they are online.
"I think the thing that is often clearly worse online is when it's relatively anonymous, and people use that as a cover and are more cruel than they would be otherwise," said Jean Twenge, a San Diego State psychologist who has studied the way social networking affects personality development.
Online rejection also doesn't lessen the physical reaction we have to emotional pain.
"Pain is divided into two components," said Baldwin Way, a UCLA researcher who studies the way human brains respond to social rejection.
"If you put a red-hot poker on your arm, one part of your brain says, 'This pain is on your arm,' and the other part says, 'Ow, that hurts' and is less concerned with where it is and more concerned about the emotional meaning of it," he said. "That [second] part also seems to be activated when someone's left out or excluded and rejected."
To Way's surprise, that neurological reaction holds true even when the rejection comes in a digital form, lacking the real-world body language, vocal intonations and other aspects that can influence the way rejection is perceived and felt.
"If you'd asked me a few years ago if you'd get the same effect online as you would in person, I'd say no way," Way said. "I thought doing something in person would have stronger effects than doing something online, but interesting data has come out in the last few years that show mental representations are just as powerful as the real thing."
These data include Williams' "cyberball" studies, which ask a participant to play a virtual ball-tossing game with two other icons. In one study group, the participant plays the game for the entire six minutes, but in the second group, he or she is included for only a fraction of that time and then ignored. The second group reports feelings of anger and lower levels of self-esteem.
Whether participants believe they're playing with humans doesn't appear to affect their feelings of rejection.
"Even when people get rejected by the computer, they feel bad," Twenge said.
Kenneth Loflin, a student who participated in Williams' study, got so frustrated by his fellow players that he gave the computer screen an offensive gesture.
"I'm a people person, and I like people to like me," he said.
The study also affected the way Loflin interacts online. Out of the 1,200 friends he has on Facebook, 400 of them he doesn't really know, many of them being friends of friends.
"I thought about defriending them, but I didn't want them to feel how I felt" during the "cyberball" game, Loflin said.
By contrast, Bruce Hammond doesn't have a problem giving the rejection slip to Facebook hangers-on.
"For the most part, the people that I'm defriending are the people that I don't have a relationship with: the people I haven't talked to in 15 years," said Hammond, 30, of Chicago, Illinois. "I don't let someone know if I'm going to defriend them. I just do it."
Similarly, Hammond doesn't expect any of his Facebook contacts to let him know before giving him the ax. If someone rejected him in real life, he would ask why the person felt that way, but when the relationship is online, his thinking changes.
"If I come on [Facebook] tomorrow and see I have 425 friends instead of 426, I'm not going to go through my list and see who did it and be upset with them," he said.
Cecilia Sepp, a Washington, D.C.-area consultant, said she avoids the issue entirely by limiting her online network to about 100 friends.
"I don't have a problem with defriending because I don't accumulate [enough] to have a high number," Sepp said.
"When I first heard that defriending was beginning on social networks, it was through a blog post by someone who was shocked that this person had defriended them because they didn't understand why," she said. "The person wanted to know had they done something, had they said something, should they ask, 'What did [I] do?' "
Sepp believes that online "defrienders" should extend the courtesy that Fogel's LinkedIn rejecter gave her: an e-mail explanation.
"You have no facial expression online; you have no tone of voice online; it's very easy to misinterpret phrasing in an e-mail. You have to be very careful about your wording and be more explicit with people when you're making or removing connections," Sepp said. "That's why it's so important to connect with people that you actually know."
source: CNN.com
(CNN) -- If you harbor a bit of angst over Facebook friend requests gone unanswered, a surprise "defriending" or being deserted by your Twitter followers, you're not alone.
Elaine Fogel has amassed more than 500 connections on LinkedIn, a professional networking Web site, by extending invites to those who appear to fit her wide array of career interests.
"Ninety-nine percent of the time, people just say yes," she said.
But then came "this one woman" who Fogel encountered on one of the 40-plus discussion groups she belongs to on LinkedIn. The woman offered interesting opinions, so Fogel sent her an invitation to join her network.
"She sent an e-mail saying, 'I only connect with people I know, and hopefully our paths will cross one day,' " said Fogel, of Phoenix, Arizona, her voice still carrying notes of disbelief. "I read that, and I said, 'Oh, my God, I've been rejected.' "
Fogel echoes other users who have felt the twinge of hurt and surprise from social media rejection. Some may think hers is an overreaction -- it happened online, with a woman she didn't know -- but recent research shows that our "digital egos" can bruise as easily as we do in person. In fact, rejection online may have the potential to sting even more.
"People tend to think that these relationships are trivial and not very deep, but this is what we're moving towards, having a lot of our communications play out over the Internet," Purdue University social psychologist Kip Williams said. "That's the way it's becoming; this is how we interpret our worth. People care how many [online] friends they have."
Or, increasingly, how many Twitter followers they have. This year, a third-party service launched Qwitter, which allows Twitter users to determine who's stopped following them and which tweet may have turned them off.
Experts say rejection on social networks can hurt worse than an in-person snub because people are usually more polite face-to-face than they are online.
"I think the thing that is often clearly worse online is when it's relatively anonymous, and people use that as a cover and are more cruel than they would be otherwise," said Jean Twenge, a San Diego State psychologist who has studied the way social networking affects personality development.
Online rejection also doesn't lessen the physical reaction we have to emotional pain.
"Pain is divided into two components," said Baldwin Way, a UCLA researcher who studies the way human brains respond to social rejection.
"If you put a red-hot poker on your arm, one part of your brain says, 'This pain is on your arm,' and the other part says, 'Ow, that hurts' and is less concerned with where it is and more concerned about the emotional meaning of it," he said. "That [second] part also seems to be activated when someone's left out or excluded and rejected."
To Way's surprise, that neurological reaction holds true even when the rejection comes in a digital form, lacking the real-world body language, vocal intonations and other aspects that can influence the way rejection is perceived and felt.
"If you'd asked me a few years ago if you'd get the same effect online as you would in person, I'd say no way," Way said. "I thought doing something in person would have stronger effects than doing something online, but interesting data has come out in the last few years that show mental representations are just as powerful as the real thing."
These data include Williams' "cyberball" studies, which ask a participant to play a virtual ball-tossing game with two other icons. In one study group, the participant plays the game for the entire six minutes, but in the second group, he or she is included for only a fraction of that time and then ignored. The second group reports feelings of anger and lower levels of self-esteem.
Whether participants believe they're playing with humans doesn't appear to affect their feelings of rejection.
"Even when people get rejected by the computer, they feel bad," Twenge said.
Kenneth Loflin, a student who participated in Williams' study, got so frustrated by his fellow players that he gave the computer screen an offensive gesture.
"I'm a people person, and I like people to like me," he said.
The study also affected the way Loflin interacts online. Out of the 1,200 friends he has on Facebook, 400 of them he doesn't really know, many of them being friends of friends.
"I thought about defriending them, but I didn't want them to feel how I felt" during the "cyberball" game, Loflin said.
By contrast, Bruce Hammond doesn't have a problem giving the rejection slip to Facebook hangers-on.
"For the most part, the people that I'm defriending are the people that I don't have a relationship with: the people I haven't talked to in 15 years," said Hammond, 30, of Chicago, Illinois. "I don't let someone know if I'm going to defriend them. I just do it."
Similarly, Hammond doesn't expect any of his Facebook contacts to let him know before giving him the ax. If someone rejected him in real life, he would ask why the person felt that way, but when the relationship is online, his thinking changes.
"If I come on [Facebook] tomorrow and see I have 425 friends instead of 426, I'm not going to go through my list and see who did it and be upset with them," he said.
Cecilia Sepp, a Washington, D.C.-area consultant, said she avoids the issue entirely by limiting her online network to about 100 friends.
"I don't have a problem with defriending because I don't accumulate [enough] to have a high number," Sepp said.
"When I first heard that defriending was beginning on social networks, it was through a blog post by someone who was shocked that this person had defriended them because they didn't understand why," she said. "The person wanted to know had they done something, had they said something, should they ask, 'What did [I] do?' "
Sepp believes that online "defrienders" should extend the courtesy that Fogel's LinkedIn rejecter gave her: an e-mail explanation.
"You have no facial expression online; you have no tone of voice online; it's very easy to misinterpret phrasing in an e-mail. You have to be very careful about your wording and be more explicit with people when you're making or removing connections," Sepp said. "That's why it's so important to connect with people that you actually know."
source: CNN.com
Labels:
Community,
Facebook,
Technology,
Twitter
Friday, October 30, 2009
Subscribe to:
Posts (Atom)