/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsBANGALORE, INDIA: As the hugely popular social networking sites like Facebook and Twitter are becoming attractive targets for phishing and scamming attacks, security firm firm F-Secure has advised the use of different passwords for logging into personal e-mail accounts and networking platforms.
The latest criminal action against social networking sites including Facebook and Twitter was reported by the F-Secure Response Lab on Friday, the security firm said in a press release. Pro-Georgia blogger Cyxymu’s accounts were targeted by a widespread DDoS (distributed denial of service) attack, causing millions of users of the networking sites to experience problems with the sites slowing down or being completely offline on Friday.
Mikko Hypponen, chief research Officer at F-Secure said, “Although this attack was targeted at a specific person, it affected the whole community. We may never know who was behind the Cyxymu attack, however they had access to significant bandwidth.”
Communication through Facebook is all about personal connections and communities of friends. It is precisely this trusted environment – and the 250 million users – that makes Facebook such a tempting target for criminals. Phishing and financial scams are based on creating a false sense of trust with the target of the attack, enabling the criminals to gain access to valuable information or direct financial gain, added the release.
Sean Sullivan, security advisor at F-Secure says, “Weak passwords provide a common way for criminals to hack into social networking sites. Their aim is to harvest contact lists, phone numbers and other information which they can sell to spammers or use in targeted attacks to make money.”
The damage caused by a hacked Facebook account is all the greater if the same password is also used for the user’s e-mail account. This means the criminals can easily reset all the user’s online passwords, get information about banking details and find answers to security challenge questions. Sometimes the answers to personal security questions, for example middle names, house addresses and pets’ names, can even be found directly on Facebook, it further said.
“As the Facebook user name consists of an e-mail address, it is essential that different passwords are used for logging into personal e-mail accounts and for logging into Facebook and other social networking sites. It’s also a good idea to have different primary e-mail, business e-mail, social network e-mail accounts,” Sullivan advises.
This year there has been a series of bogus messages on Facebook from 'friends' asking for financial help. Facebook users should always treat such requests with caution and make a thorough identity check before sending any money, even when the messages appear to come from a family member or other trusted person, the release added.
Koobface, an 'anti-social' virus on prowl
Meanwhile, in the backdrop of the recent attack on social networking sites, the Government of India's Computer Emergency Response Team had recently issued a high alert about Koobface.
Koobface propagates through social networking sites such as Facebook, MySpace, hi5, Bebo, Friendster and Twitter, of course with some tempting messages like 'My personal video'. The video link, if clicked on, would lead the user to a site mimicking the video-sharing site, Youtube, and there begins the hacking game.
So, we alert you again; the virus is on the prowl - in many incarnations...