The threat is flagged up in the latest report released by security firm Symantec. The report, which aims to identify current cyber threats and predict future ones by analysing data collected throughout 2011 from more than 64.6 million attack sensors, revealed that there was a drop of 20 billion in spam from 2010 to 2011.
Although this takes spam down to 75.1% of emails sent, compared with 88.5% in 2010, it does not represent a reduction in the risk; rather, it demonstrates how scammers have changed direction.
Commandeering existing social media accounts or creating profiles specifically for the purpose, scammers are sending tweets, posts and messages en masse, each recommending a link to click, to an audience of trusting social networkers who feel safe ‘among friends’ on the site.
The increasing popularity of link shorteners such as bit.ly and Twitter’s automatic link shortener leaves the destination of a link a mystery to the clicker, making it simple for cybercriminals to trick users into clicking.
Spam tweets or posts will either offer promotions or freebies, hijack news stories (only today Twitter is rife with links claiming to lead to Justin Bieber’s new music video that actually lead to virus-infected sites) or target the user personally. A prime example of a direct Facebook or Twitter message that I’ve received recently is: “I can’t believe that this picture of you was posted – I thought I should let you know about it: [ link ]” or “Have you seen the latest outrageous pictures of [insert celebrity name] yet? You have to see this! [ link ]”
Symantec vice president and managing director for the Pacific region, Craig Scroggie, told ZDNet: “With a decrease in spam, we’ve still seen an increase in the effectiveness in malicious attacks … and it’s through social networking, it’s through social engineering, it’s the viral network of social networks that’s making it much easier for threats to spread from one threat to the next.”
Social networks have proven to be a veritable breeding ground for malware, and AVG Technologies reiterates the point in its first-quarter report, which highlights the added risk of accessing social sites through mobile devices.
Yuval Ben-Itzhak, Chief Technology Officer at AVG, said: “We detected a big increase in the use of social networks such as Facebook and Twitter to target Android users. Cyber criminals are finding it very convenient to distribute their malware straight to a mobile device via these networks. The growth of the Android platform has been phenomenal, which has not gone unnoticed with cyber criminals who have discovered it to be a lucrative target for their malware. In 2011, Google had to remove over 100 malicious apps from the official Android market, Google Play.”
Avoiding this threat seems fairly simple – don’t click on links that you do not know. However, with targeted attacks becoming more and more common, it is seemingly easier to be duped. Link expanders such as longurl.org, which restore a shortened link to its original form, are one tool that could help to identify where a link will lead.