October is National Cyber Security Awareness Month, and in light of this, InHomelandSecurity is presenting a series of blog posts focusing on the security steps you can take to protect yourself from hacking, clickjacking, and other forms of cyberterrorism. Think about what you can do to make yourself more secure in your online world, and take a moment to read our offerings for this month of safety and security:

 

Malicious URLs in social networking are nothing new. Back in 2011, Time’s Techland blog reported in an independent study that 68% of Facebook users clicked on links sent to them. And why wouldn’t they? If a URL appears on your Facebook page or a friend sends you a private message on Twitter, it’s a link coming from someone you know. A friend.

Techland’s study, though, reveals an inconvenient truth: 42% in this study admitted not knowing all their “Friends” on Facebook.

But that was 2011. We’ve learned a lot in a year, haven’t we?

Afraid not.

Fast forward to September 24, 2012, when Sophos’ Naked Security blog reported that new malware (software that installs itself on your computer without you knowing) is making the rounds using both Twitter and Facebook. Here’s how it works:

  • You usually get a direct message that reads “lol ur famous now” or “lol iz this u in this vid?” along with a link.
  • Regardless of whether you are logged into Facebook or not, you will be asked to log in to “verify” the link.
  • You will then be asked to load a “YouTube” update or third-party video application asking to access your Facebook account.

Once uploaded, the “update” installs a backdoor Trojan, software that replicates itself across network drives. Usually, these updates record your computer activity (websites visited, commands and passwords entered, etc.) and send data to a remote location.

All this happens because of a message. From a friend.

But there are precautions you can take with these attempts, and many of them involve common sense:

  • Do you know the sender? Do you often hear from them in this direct a fashion? If not, send a reply, asking if they did in fact send you a link.
  • Is the message poorly constructed? If it is something like “lol iz this u in this vid?”, ask yourself if this is common for your friend. Do they usually spell “is” and “you” like this? A good sign that it is spam or a compromised account is that the message itself is full of typos or poor sentence structure.
  • Remove and report SPAM on your Facebook wall. Make sure to remove it by moving your cursor over the “Edit/Remove” icon of the announcement, and selecting “Report/Mark as Spam” from the offered menu. (See image below)
  • Delete any Direct Message in Twitter if you suspect it is SPAM. On Twitter, if you suspect a private message is SPAM, reply to the friend and then delete the message. If it happens again, consider removing that user from your network.
  • Change your password if you believe you have been hacked. If you suspect that your Facebook or Twitter account has been compromised, change your password immediately. Do not use the same password for social networking as you use for other websites such as banking or eCommerce.

So what harm would it do if you just clicked on that link a “friend” sent you? Quite a bit, actually. Following these preventative tips can still allow you to enjoy the benefits of social networking while avoiding malware that could lead to identity theft and fraud. A mantra to follow when networking: think before you click. It’s a simple practice that can keep you safe and secure.

And take a moment to consider that “friend” suddenly reaching out to you. A moment’s consideration can save you a healthy amount of headaches when trying to repair your digital footprint.