Security Researchers Alert Facebook Users on New Scam
By eccuni
Mar 23, 2011 - 8:19:01 AM
While the emergence of social networking sites has revolutionized the way people communicate with their friends, relatives and peers, these sites have also helped criminals pry into users' personal data. Facebook users in particular have been repeatedly targeted by cybercriminals seeking to extract personal information.
Recently, security researchers at Kaspersky Lab identified a new scam targeted at Facebook users. Many Facebook users received chat messages that appeared to come from their friends. The message read "Father crashes and dies because of THIS message posted on his daughters profile wall!" and was followed by a shortened Uniform Resource Locator (URL). Unwary users who click on the link are taken through a chain of redirections that ultimately leads to a fake, malicious Facebook application. The fake application seeks access to profile information, including the user's list of friends. Once a user allows the malicious application to access the profile, the malicious chat messages are circulated among all online friends of the targeted user.
The user is also tricked into taking an identity verification test on a separate page, where they are asked to choose among several quizzes. Social engineering techniques are used to create the impression that the application is legitimate. The attack also uses Internet Protocol (IP) address geolocation and translation services so that its messages appear in the targeted user's own language. On completion of the identity verification test, targeted users are asked to send a Short Message Service (SMS) message to an SMS number. The average cost of the SMS is around $3, which acts as income for the offenders.
Social networking sites have become a breeding ground for cybercrime because they contain large amounts of sensitive information. That information could be misused to create fake accounts and impersonate legitimate users in order to extract confidential information from other users. As organizations also use social networking sites for promotional activities, they must educate employees on the possible security threats and safe online practices through training programs, online degree and e-learning programs.
Analysis by security researchers indicates that Facebook users in Ukraine were most affected by the latest scam, followed by India, the United States (U.S.), the Russian Federation and Belarus.
Social networking sites must conduct regular security evaluations of their sites through professionals qualified in security audit, masters of security science and penetration testing, to identify security flaws and lapses that could be exploited by attackers. Online university degree programs on cyber security and information assurance may help IT professionals in updating their technical know-how and skill sets.
EC-Council University is based in Albuquerque, New Mexico and offers a Master of Security Science (MSS) degree to students from various backgrounds, such as graduates, IT professionals and military students, among others. The MSS is offered as a 100% online degree program, which allows EC-Council University to reach students not only from the United States but from all around the world.
EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.
EC-Council has trained over 80,000 individuals and certified more than 30,000
members, through more than 450 training partners globally. These certifications
are recognized worldwide and have received endorsements from various government
agencies including the U.S. federal government via the Montgomery GI Bill,
Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the
Committee on National Security Systems (CNSS). EC-Council also operates the
global series of Hacker Halted security conferences.