Don't Be Fooled by Social Networking Scams
reprinted from Symantec

Has your business taken the leap into social networking yet?

Recent studies show that more and more small businesses are catching on to Facebook, LinkedIn, and other social networking sites as powerful workplace tools. According to a study published by New York-based AMI Partners Inc., the number of small businesses using social networking services is expected to double from 300,000 to more than 600,000 this year.

Increasingly, business workers are using these sites to communicate with colleagues, prospects, business partners, and clients. Numerous studies also cite the usefulness of social networks in competing under current market conditions.

And because networks such as Facebook, LinkedIn, Twitter, Plaxo, and Ning cost little or nothing to join, there's no reason you shouldn't try them for the purpose of expanding your business. Stories abound of small businesses using social networking sites to dramatically increase the pool of qualified candidates when job openings arise.

Another advantage of using social networks: it shows candidates (especially younger ones) and potential customers that even though you're small, you can be as "bleeding edge" as any company. This is also a way to extend your business globally, as the Internet doesn't have boundaries.

Beware of being compromised
Of course, if you use these new tools, you need to be aware of certain risks. According to the latest Symantec Internet Security Threat Report, Web-based attacks are now the primary vector for malicious activity over the Internet. As the report observes:

"The continued growth of the Internet and the number of people increasingly using it for an extensive array of activities presents attackers with a growing range of targets as well as various means to launch malicious activity. Within this activity, Symantec has noted that most Web-based attacks are launched against users who visit legitimate websites that have been compromised by attackers in order to serve malicious content."

Recently, both Twitter and Facebook landed in the news when they were hit with phishing attacks. In one of the attacks, hackers created fake Twitter accounts and then started following legitimate Twitter users. Twitter notifies users when they have new followers, sending the user a link to the follower's Twitter profile page. In this case, the profile page contained a link to a phishing site. A user investigating a new follower would end up on a fake site and be asked to enter a username and password. Once the phishers obtained their victim's login credentials, they used them to launch another round of attacks.

Lately, Symantec Security Response has observed a rise in another technique that abuses social networking sites. In one case, a Facebook user's account was hijacked and a legitimate-looking message was sent to everyone connected to that user (direct friend, friend of a friend, etc.). If a recipient navigated to the Web page provided in the message, malicious code would attempt to load.

A good reminder to all social network users: a message really may not be from a friend, even if it's from a friend.

Symantec has also observed spam attacks claiming to be messages from various social networking sites. Email purporting to be from one well-known site prompts recipients to download a new video player before viewing a new "adult" video. The "video player" is, in fact, malicious code.

Other scams to avoid:

  • Facebook and Twitter messages relating to celebrity news (such as those claiming to have "secret" information about Michael Jackson's death)
  • Pleas for money from Facebook "friends"
  • Unsolicited invitations to join online groups (such as college alumni associations)

All of these have been used by criminals seeking access to private information that can, in turn, be used for profit.

Complete protection
To protect yourself against these types of threats, always follow Symantec best security practices, as outlined in the Internet Security Threat Report. That includes using an antiphishing solution. As some phishing attacks may use spyware and/or keystroke-logging applications, Symantec advises you to use antivirus software, antispam software, firewalls, toolbar blockers, and other software-detection methods. Never disclose confidential personal or financial information unless you can confirm that any request for such information is legitimate.

Today, more and more small businesses are learning that social networking sites can provide a genuine competitive edge, whether it's by finding (and forging deeper ties with) customers or by empowering employees. But understand that there are security precautions to observe. The increasing use of social networking sites makes them a prime target for cybercriminals intent on stealing identities, spreading viruses, or bombarding you with spam.

Safeguarding your information in the new era of social networking needs to be a serious concern. And that means augmenting your antivirus software with advanced threat protection.