As social networks evolve, one of the more popular things to do on them is to play games such as Farmville, Mafia Wars and Castle Age. While these games are no doubt fun, they present cyber-criminals with a new opportunity to gather a treasure trove of personal information about users that can be used in social engineering scams.
According to Catalin Cosoi, a senior researcher at BitDefender, a provider of security software, cyber criminals now set up fake identities to engage people who want to play social gaming applications. As they gather information about the players, that data is then used to create phishing attacks that lure unsuspecting users to sites loaded with malware by including personal information about the user that theoretically only someone who knows that user would have been able to access.
Cosoi says social gaming is only one example of how social engineering threats are evolving on social networks. Cyber-criminals are creating hoaxes and fake movements that are all designed to entice users to join a friends list, or click through to a URL outside of Facebook. In addition, there is now malware, such as Koobface, that has been specifically designed for distribution across social networks.
Unfortunately, these types of attacks are just beginning. There are 350 million users of Facebook alone, and 7 million businesses have a presence on Facebook. With that kind of population, social networks are rapidly becoming the preferred platform for collaboration, but also the distribution of malware.
Malware, like any disease, proliferates anywhere that human beings gather. We take measures to protect public safety to stop the spread of infectious diseases. It's now time to start applying some of those same types of concepts in cyberspace. Don't friend anybody without actually verifying via a third party that your new friend is really a person, and not a botnet trying to lure you into a cyber trap.