Social Engineering and Phishing attacks (bad guys pretending to be someone else to obtain information from you) are some of the biggest threats against your network today. Why would hackers spend days, months, years trying to hack through a firewall or corporate website when they can get quick access by tricking someone to open a backdoored document or run a remote access program?
But how do these attackers know who to attack in a corporate network, or the best way to word a malicious communication attempt to get you to click on it?
Social Media sites!
Two years ago I became aware of a tactic of hackers gaining access to systems by targeting teens. Hackers created malicious sites based on popular teen based movies and pop stars. Now it seems that hackers and cyber criminals have shifted a lot of focus to social media sites.
Hackers target social sites like LinkedIn and even Facebook to to obtain tons of information about potential targets. As a matter of fact, Social Engineers have created bogus LinkedIn users and used a programming interface to easily search for users at a particular place of business and pull a lot of information from their account that could be used in a Social Engineering attack.
Unfortunately there is also a disturbing trend of stalkers and predators possibly using social media sites to track or find potential victims. For over a year and a half, the community awareness website ICanStalkU.com showed internet users how easy it was to pull geotag information from pictures posted on social media sites. They would post a picture pulled from a social site along with the posters user name and… Their Location!
Sadly a recent story by the Associated Press talks about how predators in Indonesia were using Facebook to solicit young teenage girls, and then kidnap and traffic them:
“When a 14-year-old girl received a Facebook friend request from an older man she didn’t know, she accepted it out of curiosity. It’s a click she will forever regret, leading to a brutal story that has repeated itself as sexual predators find new ways to exploit Indonesia’s growing obsession with social media.
The junior high student was quickly smitten by the man’s smooth online flattery. They exchanged phone numbers, and his attention increased with rapid-fire texts. He convinced her to meet in a mall, and she found him just as charming in person.”
The young girl was smitten by the online user’s charm. The simple friend request, exchange of information and finally an in-person meeting led the 14 year old girl into the hands of a 24 year old predator. The monster kidnapped her, she was drugged, beaten and raped.
According to the article there were 7 girls this month in Indonesia who were abducted by people they had met on Facebook.
People are way to trusting on Social Media sites. Do not friend people that you do not know. Be careful how much information you put on business sites like LinkedIn. Keep an eye on young users using social media and warn them about the potential risks of strangers.
Social media is a great thing, it helps us keep in touch with friends, family and co-workers. But there are dangers with online networking. Surf safely!