Cyber criminals target Facebook and LinkedIn

Online security firm Sophos has warned that cyber criminals are stepping up their attacks against members of various social networking sites.

“Computer users are spending more time on social networks, sharing sensitive and valuable personal information, and hackers have sniffed out where the money is to be made,” explained Graham Cluley, senior technology consultant for Sophos.

“The dramatic rise in attacks in the last year tells us that social networks and their millions of users have to do more to protect themselves from organized cybercrime, or risk falling prey to identity theft schemes, scams, and malware attacks.”

Indeed, Sophos surveyed more than 500 organizations and discovered that 72 percent expressed concern that employee behavior on social networking sites exposed their businesses and put sensitive data at risk.

In addition, the “Social Security” survey revealed that criminals launched attacks after identifying potential victims on various social networking sites like Facebook.

“We shouldn’t forget that Facebook is by far the largest social network – and you’ll find more bad apples in the biggest orchard. [However], the truth is that the security team at Facebook works hard to counter threats on their site – it’s just that policing 350 million users can’t be an easy job for anyone,” said Cluley. 

“But there is no doubt that simple changes could make Facebook users safer. For instance, when Facebook rolled out its new recommended privacy settings late last year, it was a backwards step, encouraging many users to share their information with everybody on the Internet.”

Cluley also warned that LinkedIn provided a “sizable pool” of sensitive data for hackers to glean.

“Targeted attacks against companies are in the news at the moment, and the more information a criminal can get about your organization’s structure, the easier for them to send a poisoned attachment to precisely the person whose computer they want to break into.

“Sites like LinkedIn provide hackers with what is effectively a corporate directory, listing your staff’s names and positions. This makes it child’s play to reverse-engineer the email addresses of potential victims.”