Monday, May 18, 2009

Facebook in the News

A couple of interesting Facebook stories have been published in the news recently having to do with security of information. The first story has to do with cybersecurity and phishing attacks. Facebook has been plagued with these attacks over the past few weeks in which hackers are trying to acquire the login password information of Facebook users. The way that it works is that the hackers will send out a malicious link to the friends of already compromised Facebook accounts. When the user clicks on the link, it takes them to what looks exactly like the Facebook login page. Instead, it is a fake page that will send their username and password information to the criminals. The criminals can then access the user's Facebook account to send out more malicious links or other spam. One other result that can be disastrous for the user whose password information is stolen is if they use that same password for other site accounts as well, such as financial accounts. Criminal hackers know that it can be common practice for people to use the same username and password for multiple online accounts. Facebook has said they are cleaning up the problem, removing the phishing messages and resetting the passwords of compromised accounts. Some strategies to avoid this problem are:
  • Do not click on links that you are not sure are legitimate.
  • Check with the person who sent you the link to make sure they are the ones who sent you the link.
  • If the click on the link and it immediately takes you to a login page, it may be a phishing scam.
  • Do not keep the same password for all of your online accounts, especially accounts having to do with finances. I know it can be very difficult to keep track of multiple username and passwords, but keeping them seperate will help you avoid a much larger problem if one of them is ever stolen.
  • Periodically changing you passwords can also help to minimize damage if your data is ever stolen.
The other story in the news was sent to me by Felicia Vargas and is about college admissions officers scanning Facebook profiles before making final decisions on applicants. In a survey released by the National Association for College Admissions Counseling about 25% of colleges and universities said their admissions officers research prospective students' social-networking profiles before extending admission or scholarships. There was no data on how many of those said that their final decision was influenced because of social networking profiles. It has been known for a while that school admissions and employers may Google an applicants name, search YouTube, Facebook, MySpace or other social networking sites looking for information about that person beyond what they see on in application or in an interview. It is important that students know about their "digital footprint" and what they are leaving behind about themselves online. Check out blog article we posted last November with some of this same information and some links to safe social networking.

Wednesday, May 6, 2009

H1N1 Virus Attention Attracts Scammers and Phishers

It seems that whenever there is a high impact news story that captivates the world, there are always criminals in the background waiting to prey on people's fears. So, with all the attention being given to the H1N1 Virus (Swine Flu), you also need to be wary of spam email and phishing attacks. There have been numerous reports of scammers sending out emails with titles about the Swine Flu. These emails can contain links or files that infect the user's computer with malware that will either damage the computer or steal personal data that is stored on the computer. Some emails that are being sent out claim to sell vaccines and exotic cures for the Swine Flu. While some scams are easy to spot, others are more difficult for people to pick up on including this example:

Another attack, reported by researchers at Symantec (NSDQ:SYMC), informed recipients of the swine flu disaster by incorporating a linked news headline from reputable news agencies. Users are asked whether they are in the U.S. or Mexico and whether or not they know anybody who is affected by the outbreak. Victims are then requested to share their experiences by filling in Web application forms or replying back with their e-mails and phone numbers. However, the online questionnaire is a way for scammers to steal identifying information from unsuspecting victims.

security experts recommend that users go directly to trusted news sources for information on the swine flu virus and avoid opening unsolicited e-mail messages and links.

You need to be careful about what information you are submitting about yourself online. recently published a very informative article titled, "FAQ: Demistifying ID Fraud" about identity fraud which answers these important questions:
  • How does the data get stolen from my computer?
  • If I don't use my credit or debit card on the Internet, how does the data get stolen?
  • What do the criminals do with the data when they get it?
This is a very informative article and also includes some links of sites to go to if you think you are a victim.