Social networking sites driving new wave of security threats

Consumers need to learn what security threats they may face when surfing social networking sites.

Hackers and cyber-criminals are increasingly using sites such as YouTube and MySpace to steal personal details and consumers are being warned to look out for threats such as the exploitation of anti-phishing toolbars, enhanced concealment of data and BOT evolution.

Ross Paul, Senior product manager EMEA, at Websense, said research conducted by the company found that both worms and Bots will be replaced by a new wave of cyber-criminals in 2007.

These criminals will “work as an underground community, sharing information on what tools and methods work when it comes to tricking consumers on the social networking sites", he warned.

“Hackers have realised that they need to become discreet when it comes to social networking. They need to blend in with the crowd. This can be seen by looking at sites such as Wilkipedia, which can quite easily be used by fraudsters to trick consumers as the open nature of this service means that content can be changed and links added to get consumers onto corrupt sites,” commented Paul

Richard Clayton researcher at Cambridge shared this view. In the past consumers have backed away from impersonalised emails which they believe are spam, he said.

“However social networking sites have changed this as people give away lots of personal information that fraudsters use to ‘personalise’ an email.

"Users must therefore understand that these sites are purely generated content which use links from one friend to another and must be aware of their networking surroundings.”

Although social networking sites such as Beebo advises that users “never divulge any personal information that could be used to find or identify you in real life in a public forum. Password protect this information" and “Don't bite at a phishing scheme", both Clayton and Paul believe businesses need to do more to educte consumers.

“Although education is not the silver bullet it does help,” commented Paul. “When the creators of these social networking sites began to develop them, security wasn’t a primary concern as they got too carried away with new ideas. However they must begin to think of the potential risks they are putting in front of consumers and to educate them on the risks.”

“Many businesses give consumers simplistic advice such as ‘look for a lock at the bottom of a website’ which shows it is secure. But fraudsters have woken up to this and began to copy it. Yet consumers are still following this basic advice for evolving threats as they have not been told differently, showing that constant education is needed,” Clayton said.

However until businesses do, consumers can help themselves by being vigilant and sceptical of unknown content. "Share bad site or fraud incidents with security vendors who have a specially dedicated page on their sites for this.” Paul suggested.

Beebo also advises that consumers let them know if there is a problem by clicking on the 'Report Abuse' link on the offender’s profile.