Security Response

Daily Homework – Log in to Your Social Network Account

Created: 26 Feb 2010 00:04:00 GMT • Updated: 23 Jan 2014 18:29:18 GMT
Vivian Ho

How many social network accounts do you have? How much time do you spend on your network content and application updates? How many discussion boards or blogs or pictures or games do you need to maintain in each network service?

Besides email and instant messenger programs, social network services have become important media for people to maintain their relationships or business exposure. There are, of course, myriad risks associated with exposing your personal details online when you have not set proper privacy rules, such as those suggested by the social network services.

Spammers have yet another channel available to send their “love” to you.

Have you had the pleasure of your newly registered social network account sending you tons of friendship invitations on a daily basis? Or has that same account also sent out numerous friendship invitations to your contacts without your consent? Or have you started receiving lots of junk mail and virus threats soon after you registered online? These sorts of problems often happen when social networking profiles don’t have their privacy settings administered properly. It could also be a problem with the social network service, which might not have maintained proper privacy regulations on behalf of its participants. Spammers can get onto these social network sites and collect user information, such as email addresses or personal blog URLs, and they can collect additional information from friends’ profiles if those profiles are also set to be public.

Symantec recently observed that spammers sent out a spam invitation (complete with virus) through a social network function. The sample shown below is of a replica seller sending out an invitation to join a group on a social network service.

Header:

Subject: Bag Korea invites you to join [super 3A bags super store (3A-1_1) Group…

Body Translation:    
    
Bag Korea invites you to join [super 3A bags super store (3A-1_1) Group
[Details Removed]
If you want to get more information or accept this group invitation, please click the following url:

[Image: Screen shot 2010-02-25 at 11.57.59 PM.png]
 

Another example shows a spammer disguised as a social network administrator, sending out an account update notification along with a virus attachment:

[Image: Screen shot 2010-02-25 at 11.58.13 PM.png]

Symantec strongly urges users to read social network policies thoroughly; you should be aware of every invitation’s purpose and the consequences of accepting the invitation in order to follow your desired group safely. You should check the group/fan club’s information to see if it belongs to a legitimate corporation. Look through the page to see if they have proper business or fan communication on a daily basis. Ask questions to see if it’s a legitimate group.

The following are legitimate samples for your reference:

[Image: Screen shot 2010-02-25 at 11.58.27 PM.png]

    

=========================

My thanks to blog contributors Esther Liu and Dylan Morss.