The value of email addresses for sending spam has declined as would-be spammers choose other methods of spreading their unsolicited messages, Symantec finds in its latest Internet risk report. Social networking sites are a new field for them to steal identities and install malware on their members' computers. Within a year, the number of sites that "fish" in social networks more than doubled, and specifically increased by 125%, notes the well-known security company.
Two key elements of user behavior on social networks prove particularly useful to criminals: so-called social spoofing and the disclosure of personal information. Social spoofing refers to our habit - a "psychological mechanism" - to do what our friends do. So if you see a referral on your Facebook "wall" from a friendly person, the chances of you clicking increase.
The second "weapon" of online fraudsters is the voluntary publication of personal information that makes up the profile of each social network member on the Internet. This information can be useful to would-be eavesdroppers, as it can help them even guess the answer to a security question for logging into an online service without having to "crack" the login code.
The top five methods used in 2012 according to Symantec are as follows:
1. Fake Offers: Members of the network are invited to join an event or group to win gift vouchers or discounts, after unknowingly providing personal information or messages to premium numbers.
2. Manual notification. Users do the hard work of spreading the scam with decoy videos, offers or messages that tempt users to share with their friends. Read more at tech.in.gr: Send this message to your friends and… happy untangling.
3. Likejacking: Users are asked to Like a fake Like button, causing them to install malware on their system, software that then posts to their profile, spreading the infection. Read more at tech.in.gr: Facebook Like with Zori?
4. Fake plugins: they promise some addition to the browser's functions, but instead they steal sensitive information.
5. Frauds Copy-Paste: users are asked to copy Javascript code into the browser's address bar in the hope that they will win a discount/offer coupon.
Symantec typically quotes the famous phrase of the robber Willie Sutton, who said that he "robbed banks because that's where the money was." Today, cyber criminals are targeting social media because that's where their victims are now.
Symantec's full report is published on its website under the title Internet Security Threat Report 2013. Facebook members can report phishing attempts by e-mail to the service at phish(at)fb.com.