Social Media Scams Plague Networks

November 5, 2009 by ADMIN

By Robert Siciliano, ID Theft Expert and Security Consultant to Intelius.com

For the past year, I’ve been screaming about the trouble with social media as it relates to identity theft, brand hijacking, privacy issues, and the opportunity social media creates for criminals to “friend” their potential victims in order to create a false sense of trust and use that against their victims in phishing or other scams.

I predicted long ago that the problem would get a lot worse before it gets better, and there's no question about it: criminal hackers have taken hold and are in full force.

We hear about a new Twitter phishing scam almost daily, whether it’s via direct messaging or a shortened URL.

My spam folder is filled with emails from Facebook phishers, requesting new login credentials, or a “friend” who’s sending me a video that’s actually a virus.

Not too long ago, it was big news when someone had their Facebook account jacked by someone who impersonated the victim, claiming to have lost their wallet in the UK and begging for a money wire.

Lately, I see a story about another victim every week.

Robert Siciliano, Identity Theft Speaker with ID Analytics discussing Social Media Identity Theft on Fox, Boston.

Last time I checked, Facebook had more than 400 million users and Twitter had more than 50 million. These numbers jump exponentially every month, and old and new users are still being victimized.

James Carnall, manager of the cyberintelligence division at security monitoring firm Cyveillance, says, “Social media cybersquatting is where domain name cybersquatting was ten years ago”.

Scammers aren’t just stealing identities and spreading malware. They are brand jacking in ways that are hurting companies’ bottom lines.

While many may not have sympathy for the bottom lines of billion-dollar corporations, this hurts the little guy, too.

Knockoff software, hardware, merchandise, and movies ultimately cost legitimate taxpayers jobs and hurt the economy when the money is heading to criminal hackers elsewhere in the world.

Liz Miller, vice president of the Chief Marketing Officer Council, says, “Counterfeiting operations are highly organized, are very global and are picking up steam because of the economy.”

MarkMonitor, a company that tracks online threats for its clients, determined that phishing attacks on social networking sites increased by 164% over the past year.

And in a CMO Council survey of 4,500 senior marketing executives, nearly 20% of the respondents said they had been affected by online scams and phishing schemes that had hijacked brand names.

These statistics undeniably point to organized crime syndicates.

Protect yourself from social media identity theft:

  1. Register your full name and those of your spouse and kids on the most trafficked social media sites, blogs, domains or web-based email accounts. If your name is already gone, include your middle initial, a period or a hyphen. It's up to you to decide whether or not to plug in your picture and basic bio, but consider leaving out your age or birthday. You can do this manually or by using a very cost-effective service called Knowem.com.
  2. Register all your officers, company names and branded products on every social media site you can find to prevent Twitter squatting and cybersquatting.
  3. Get free alerts. Set up Google alerts for your name and get an email every time your name pops up online. Set up a free StepRep account for your name. StepRep is an online reputation manager that does a better job than Google does of fetching your name on the web.
  4. Implement policies. Social media is a great platform for connecting with existing and potential clients. However, without some type of policy in place that regulates employee access and guidelines for appropriate behavior, social media may eventually be completely banned from every corporate network. Teach effective use by providing training on proper use and especially on what not to do.
  5. Encourage URL decoding. Before clicking on shortened URLs, find out where they lead by pasting them into a URL lengthening service like TinyURL Decoder or Untiny.
  6. Limit social networks. In my own research, I've found 300-400 operable social networks serving numerous uses from music to movies, from friending to fornicating. Some are more or less appropriate and others even less secure. Knowem has a mind-blowing list of 4600 as of this writing.
  7. Train IT personnel. Effective policies begin from the top down. Those responsible for managing technology need to be fully up to speed.
  8. Maintain updated security. Whether hardware or software, anti-virus or critical security patches, make sure you are up to date.
  9. Lock down settings. Most social networks have privacy settings that need to be administered to the highest level. Default settings generally leave the networks wide open for attack.
  10. Invest in Intelius identity theft protection and prevention. Not all forms of identity theft can be prevented, but identity theft protection services can dramatically reduce your risk. “Disclosures”

* * *


Robert Siciliano is an expert on personal security and identity theft as the CEO of IDTheftSecurity.com. He is an American television news correspondent, security analyst, and author of “The Safety Minute: How to take control of your personal security and prevent fraud”. He has been featured on The Today Show, CBS Early Show, CNN, MSNBC, FOX, CNBC, Inside Edition, EXTRA, Tyra Banks, Stern, and in USA Today, Forbes, Tech Republic, SC, CSO, Search Security, Tech News World, EWeek, SecurityInfoWatch, NY Times, Boston Globe, LA Times, Wash Post, Chicago Tribune, AP, UPI, Reuters, and Entrepreneur.

The Publisher gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com


Comments

2 Comments on Social Media Scams Plague Networks

  1. Jess on Thu, 5th Nov 2009 10:11 am

    Very in-depth article. I just received a phishing scam through Twitter yesterday, although I haven’t gotten one from Facebook yet. I really hope these issues become more under control. The tips you provide are very helpful.

    Thanks!
    - Jess
    Secure File Transfer

  2. Safty Training Videos on Fri, 6th Nov 2009 9:18 am

    I REALLY HOPE THAT WE CAN SOMEHOW FIND A WAY WHERE THERE WILL BE NO MORE SCAMMERS.
