CIO - I don't spend a lot of time on Facebook, so when I got an e-mail from the social networking site telling me "you haven't been back to Facebook recently" and here are some messages you missed, it didn't seem odd. I clicked on the link, wondering what one of my friends was doing.
Oops. I was a victim of a hacking technique called "clickjacking." If it hadn't been for security measures built into Firefox, I might have been in trouble, because rather than going to Facebook, I was headed for http://sleepingpillsfitnesspills.com.
That site might have simply been an ad for cut-rate, Canadian pills - an annoying, but harmless detour. But it also could have been a site loaded with malware, include rogue applications designed to steal key personal information from me and people in my address book.
Facebook, with its hundreds of millions of users, has become the target of hackers, spammers, and just plain crooks. They're trying to lure you in via scam surveys, fake applications and poisoned links, according to a report by Sophos Security.
Unfortunately, Facebook is far from the only popular Web site being compromised these days. Amazon, the giant e-tailing site, inadvertently left a door open that hackers could use to steal your password and get access to your credit card info.
And no matter what you've read about those evil Russian hacker rings, it turns out no country is the origin of more cyber attacks than the United States, according to Akamai's quarterly "State of the Internet" report.
Here are five new threats, including three that target Facebook users:
1. Clickjacking: Sophos Security says this is one of the most common attacks hitting Facebook users. These attacks use maliciously created pages where the true function of a button is concealed beneath an opaque layer showing something entirely different. Often sharing or "liking" the content in question sends the attack out to contacts through news feeds and status updates, propagating the scam.
In my case, I'm a bit embarrassed to admit, I could have avoided the scam page by simply noticing that the address of the e-mail allegedly sent by Facebook was obviously phony. email@example.com. The lesson here is obvious: When you get an e-mail with a link, notice the return address. If it seems odd, delete it. Additionally, keep your browsers up to date; all are doing a better job screening out dangerous stuff, and since they're free, why not take advantage of that protection.
2. Fake surveys: This scam is related to clickjacking since it attempts to make you click on something dangerous via a misleading message. Typically, the scam starts with a provocative (sexual or otherwise) message. Here's one that Sophos highlighted recently: "OMG! Look What this Kid did to his School after being Expelled! After this 11 year old child was expelled from his school he went berserk." Well, that's intriguing.
- Deep Security +VMware vSphere with Operations Management Most midsize organizations are highly virtualized on VMware, and while this has produced significant savings, it also has created new challenges when it...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- DDoS Infographic: How Are Attacks Evolving? For the third consecutive year, Neustar surveyed businesses across major industries to track the evolution of DDoS attacks. Are they more frequent? Larger?...
- How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks Threat sharing networks have been around for a long time, however they have typically been "invitation-only", available to only large companies, or those...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Malware and Vulnerabilities White Papers | Webcasts