Tuesday, October 16, 2007

Fraud potential on social Web

Teens aren't the only people who need to watch what personal information they upload to social Web sites. "Nearly one in three [31%] social networkers on sites such as Facebook and Friends Reunited risk becoming victims of identity fraud because they are negligent with their personal details," reports the Motley Fool, "making them a prime target for phishing and other ID fraud." What happens is that phishers (online cons) send emails to addresses they harvest from sites of all kinds (not just social-networking ones). The emails look like they're from a person's bank, PayPal, credit card company, or even a porn provider, and they try to trick victims into clicking to a Web site that can upload malicious code to their computers or further trick them into giving personal info like social security or credit card numbers. The Fool was citing research by Equifax, which also found that, "of the 739 people polled (a relatively small survey, but it still has some significant figures), 87% published their full names and 38% their dates of birth, with more than a quarter offering their education and work details." Three key take-aways would make for great family discussion: Everybody needs to 1) select the right privacy and safety features for their particular needs (e.g., only friends can view one's full profile); 2) be really careful about the links they click on in other social networkers' profiles (they could link to malicious sites); and 3) check out the providers of the widgets and other code they paste into their profiles (is the source legit or potentially malicious?). [See also network-security news site DarkReading.com's comparison of potential personal and network vulnerabilities in MySpace, Facebook, and LinkedIn.]


Thursday, August 02, 2007

Facebook & ID theft

This is something for social networkers to be on the alert about: computer security and social engineering on social-networking sites (social engineering is what phishers and identity thieves use to trick people into making themselves and their devices vulnerable to hacks and ID theft). The latest warning signal concerns Facebook, which recently announced it's becoming a social-networking platform for all kinds of online services and widgets. "While thousands of applications being developed by third parties for Facebook users are enriching the social network's functionality, the Facebook Platform provides a perfect channel for distributing malicious software," CNET reports. To be fair, experts quoted in the article are talking more about the potential than actual attacks. And, "while Facebook third-party developers do not necessarily have access to Facebook members' personal details, whether users agree to install an application is ultimately a caveat emptor scenario" - meaning read the fine print before you agree to install stuff, people!


Monday, May 28, 2007

New phishing trick

Yet another indicator that we can never rely on technology alone to protect computers or kids. In this case, it’s a sneaky phishing scam to grab Net users’ social security and credit card numbers, among other sensitive info. The Register says it’s “able to spoof eBay, PayPal and other top Web destinations without triggering antiphishing filters in IE 7 or Norton 360.” It got this from a Londoner who “says he's been careful to practice good PC hygiene. He runs Norton 360 and uses the latest IE version, which Microsoft has taken pains to lock down with a variety of safety features, including one that alerts users when they visit many spoofed sites. He's also careful to examine the certificates that accompany financial sites he visits before logging in to them.” So this one surprised him. The Register heard from a security expert who “guesses those experiencing this attack have inadvertently installed an html injector. That means the victims' browsers are, in fact, visiting the PayPal website or other intended URL, but that a dll file that attaches itself to IE is managing to read and modify the html while in transit.” It helps to be a good speller and grammarian, because typos and bad grammar are frequent giveaways in phishers’ emails that otherwise look like they're from PayPal or your bank.
