Aujas, an Advantage Marketing client, is an information risk management firm knowledgeable about all things cyber-security related. I recently asked Karl Kispert, Aujas VP for Business Development, how social media users can protect themselves from scammers, especially on Facebook and LinkedIn. Here’s what Karl and his expert team had to say.
The buzz about social media has been increasing recently. There are more than 500 million active users on Facebook, with 50% of them logging on at least once a day from their office, home, coffee-shop, school, or from smart phones. Social media has emerged as an effective marketing tool to engage with a mass audience and many companies have an active presence across LinkedIn, Facebook or Twitter. As Natalie Petouhoff, Senior Researcher with Forrester Research, Inc., said, “Social media isn’t a choice anymore – it is a business transformation tool.”
But as fun and engaging as social media is, it has a dark side. Hackers and scammers are exploiting it to create new ways to infect computers and networks and to trick unsuspecting users into revealing their personal or financial information.
How do scammers pull this off? They go phishing. A scammer will hack into a Facebook or LinkedIn user’s account and send out messages to friends or connections, unbeknownst to the user. These messages look genuine but are carefully crafted by scammers to trick recipients and exploit their emotions.
Messages with links to breaking news, celebrity stories, or even adorable puppy videos can all be engineered to make the user click through. Clicking on a link about Kansas tornado victims, for example, would take the user to a site that asks for credit card information for a donation. This information is then collected and exploited by the scammer.
A user may also see messages like these on their LinkedIn home page or Facebook wall:
“Tornado victims need your help, please donate http://ntbnking.lnkd.it/jpn/donation”
“I bumped into some of your old friends the other day; they wanted me to send you this – http://facebooklink”
When the user clicks on the links, malware or a virus gets downloaded and the user’s system is compromised.
Yikes. If we can’t trust messages from our friends and connections or even what’s written on our own wall or home page, are we crazy to use social media? Fortunately, education and awareness can help fight phishing attacks and scams and keep us all using social media safely.
Here’s what companies can do to fight phishing attacks:
- Establish a social media strategy. Clearly document and enforce what is allowed and not allowed to be discussed and disclosed on social networking sites.
- Conduct social media awareness programs which should include the rewards and risks of social media. Such training should also cover how to identify malicious websites and differentiate between original and fraudulent websites.
Here’s what employees can do to avoid becoming the prey of phishing attacks:
- Never click on a link or a bookmark which is associated with financial transactions or asks for any sensitive information; instead always manually type the URL in the address bar.
- Don’t click on links which ask you to download ActiveX controls or software onto your system. These could be Trojans or other malware, which later become the control center used to remotely control your system and others in the network.
- Ensure that the site is authentic and uses a secure layer (https) before providing any sensitive information about yourself or your organization.
- Report suspected links to your internal security team and the social networking site so that they can work with the hosting provider to bring down the phish website.
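The link checks in the list above can be run over a message before anyone clicks, as in this added example (not code from Aujas or the original post). The trusted-domain list, the function names and the two `example.net` URLs are assumptions made for illustration; the first two sample messages are the ones quoted earlier in the article.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist for illustration; a real one comes from the security team.
TRUSTED_DOMAINS = {"facebook.com", "linkedin.com"}
# Stops at whitespace, quotes, angle brackets and a closing curly quote (U+201D).
URL_RE = re.compile(r"https?://[^\s\"'<>\u201d]+", re.IGNORECASE)

def host_is_trusted(host, trusted=TRUSTED_DOMAINS):
    # Match the exact domain or a true subdomain. A plain "contains" or
    # "startswith" test would accept lookalikes such as linkedin.com.example.net.
    host = host.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in trusted)

def triage_url(url, trusted=TRUSTED_DOMAINS):
    """Return the reasons a link deserves suspicion (empty list = none found)."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    reasons = []
    if parts.scheme.lower() != "https":
        reasons.append("not-https")
    if parts.username is not None:
        # https://trusted.com@other.host/ really goes to other.host
        reasons.append("userinfo-in-url")
    if re.fullmatch(r"[0-9.]+", host) or ":" in host:
        reasons.append("ip-literal-host")
    if not host_is_trusted(host, trusted):
        reasons.append("untrusted-host")
    return reasons

def triage_message(text, trusted=TRUSTED_DOMAINS):
    """Map every URL found in a message to its list of warning reasons."""
    return {u: triage_url(u, trusted) for u in URL_RE.findall(text)}

if __name__ == "__main__":
    samples = [
        "Tornado victims need your help, please donate http://ntbnking.lnkd.it/jpn/donation",
        "they wanted me to send you this \u2013 http://facebooklink\u201d",
        "Constructed: https://linkedin.com.example.net/login",
        "Constructed: https://linkedin.com@example.net/login",
    ]
    for msg in samples:
        for url, reasons in triage_message(msg).items():
            print(url, "->", ", ".join(reasons) or "no flags")
```

The third sample uses https and is still flagged, which shows why the https check and the authenticity check in the list are separate steps. An empty result means only that none of these specific warning signs were found, so flagged and doubtful links still go to the internal security team as the last item says.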
Social networking phishing attacks are on the rise, according to the latest Anti-Phishing Q2 2010 Report. Both companies and employees have to play their part to counter the phishing risks of social media.
Karl Kispert is Vice President of Sales and Business Development for Aujas for North America. He can be reached at 201 633 4745 or firstname.lastname@example.org. Learn more about phishing and cyber-security at www.aujasus.com.