Networking sites become potential target for scams

What you put on the Web could wind up in hacker's computer


Social networking sites, where millions of people communicate with friends and family, are emerging as the next frontier for Internet pickpockets.

These hackers and data miners are beginning to tap into the vast amount of personal information stored on these sites to defraud unsuspecting chatters. So far, such efforts have been limited. But security experts believe social networkers could be vulnerable to "spear-phishers," criminals who send masked messages to a small number of people that appear to be from someone they know, as well as other, more general scams.

"Social networking sites are always going to be rich pickings," said Chris Boyd, research manager for FaceTime Security Labs, a California company that recently discovered an attack on Orkut, Google's social networking site. "It's almost like fishing in a barrel." While the dangers of sexual predators trolling these sites have been highlighted in recent months, risks to personal and financial information are not on the radar screens of many people.

Recently, Orkut was hit with a worm seeking financial information and passwords. In early June, an instant-messenger phishing assault on MySpace users tried to steal account information. And in October, the site, which is owned by News Corp. and has more than 70 million users, shut down briefly after a member named "Samy" inserted malicious code into the profiles of members who viewed a specific page.

While the damage has been limited, security professionals believe social-networking scams could easily defraud young people or even the tech-savvy, if they lower their guard when visiting the sites.

If hackers get access to a member's account, they not only get that member's buddy lists, but also learn personal details about the member. That information can be used to create a well-disguised message that appears to be from someone they know.

Anti-virus software and firewalls can protect people from spyware and other dangerous code. But technology can't protect people from perpetrators of fraud who manipulate personal information posted on their social network profiles.

"The biggest exposure people have is within their control, which is the amount of information people give away about who they are - your e-mail address, your age, your gender, where you live," said Dave Cole, Symantec's director of security response. "There is entirely too much personal information on all of these sites." The MySpace generation, though, exhibits little inhibition when it comes to sharing their lives with the Web universe.

"They are effectively handing out their entire life stories to complete strangers," FaceTime researcher Boyd said. "Caution is never a bad thing."

John Boudreau is a reporter for the San Jose Mercury News.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.