Hackers Learning Social Skills

Monday, September 19, 2011 @ 01:09 PM gHale


Social media sites are the breeding ground for a sophisticated, orchestrated online scam that promises bogus prizes in order to dupe users into giving up personal information.

This scam uses typographic variations of the social media sites’ domain names to host web pages formatted to look just like the homepage, deceiving users into thinking they are legitimate.

This scam affects 281 typo domains of the top 10 most popular social media sites, and puts 48 million unique visitors per year at risk of spam, phishing and even identity theft, according to a study by FairWinds Partners.

The scam has become pervasive among the most highly used social media websites, including Facebook, Twitter, LinkedIn, YouTube and others.

“It systematically steals Internet users’ identifying information by targeting a relatively narrow percentage of typo domain names – only those that receive extremely high volumes of traffic – in order to reach as many unsuspecting users as possible,” said Phil Lodico, co-founder and Managing Partner of FairWinds.

Promising prizes and rewards in exchange for answering survey questions, these scam sites can quickly acquire a user’s personal information, including his or her full name, telephone number, email address, physical address, date of birth and even financial and credit information. The group of scammers then sells the information to spammers and other digital miscreants.

“As with other instances of typosquatting, only the top tier of typo domains are being affected here, namely those that receive the most traffic,” said FairWinds co-founder and Managing Partner Josh Bourne. “This means that with a relatively small amount of targeted action, social networks like Facebook, Twitter and YouTube can wipe out the majority of these scam sites and protect their users.”
