I keep getting asked about what malware Symantec has seen that’s been written to target social networks. While there have certainly been a few such as Koobface, people are asking the wrong question. If the social network sites are paying attention, and to their credit they usually are, these threats can be squashed pretty quickly. It’s not targeted attacks you should be worried about, but adapted attacks. Adapted attacks occur when the bad guys take existing threats and use social networks to increase the effectiveness of the social engineering aspect of the attack. There is nothing like being surrounded by friends to get you to lower you guard. Take the problem we are getting a lot of reports on currently—it’s an advanced payment scam. This is often called a Nigerian 419 scam. (I like to call it the Spanish Prisoner.) But, instead of some prince in Nigeria, the scammer appears to be a friend of yours. And, instead of getting a long letter, you’re contacted via a social network. What remains the same is that they both want your cash. You’ll undoubtedly see endless variations on this theme, but the basic scam is that someone you are connected to via a social network posts a status message, or instant messages you, or sends you an email stating that they are in trouble. They are apparently stuck somewhere (London is currently popular) and have gotten lost or been robbed of all their cash or both. They need you to “loan” them some money so they can get home. Unlike helping the Prince of Nigeria, your motivation to send the cash is noble; you want to help out a friend. But, here's the thing. Whoever is contacting you is an imposter. The imposter has broken into your friend’s account and having unrestricted access to all of that personal information makes it pretty easy to make convincing claims. How could this be? Well, I’ve written before about how people are not always who they say they are on a social network. However, with a stolen login and password, someone can be very convincing while pretending to be your friend. Phishing attacks used to be aimed solely against the customers of banks and other financial institutions. But in the Symantec Internet Security Threat Report, Vol. XIII we reported on the shift of the target toward social networks. The bad guys have used compromised login credentials in the past to plant malicious code and to send spam. So, the move to advanced payment scams shouldn’t be unexpected. Sadly, it's a natural evolution.
Top countries hosting phishing Web sites and top targets phished
(Source: Symantec Corporation)
How do you protect yourself? Ensure that you follow best practices to protect you and your machine against phishing attacks. This will help you to avoid giving up your own personal credentials. For an advanced payment scam your best defense is skepticism and common sense. If something seems wrong or peculiar, it probably is. And of course there is the old adage that says if you have friends that want to borrow money, maybe you need new friends.