Are social networking sites inherently more vulnerable to security risks, malware and malicious attacks? Social media is all about, well, being social, and because most interactions occur within a network of confirmed “friends,” users often let their guard down when using these sites. When you factor in the vast amount of personally identifiable information (PII) housed on these channels, social networks are a prime target for cyber criminals.
Understanding what types of attacks are most common on different social media platforms, and why, can help users identify and defend against malware lurking on them. With this in mind, GFI Software analyzed the most common threats on five popular social networking sites to better understand what makes them such easy targets.
Users often click on links in friends’ posts without thinking twice. Knowing this, cyber criminals propagate fake pages by including them in wall posts that tie into current affairs, such as breaking celebrity news. Exploiting popular Facebook features, such as comments and the “Like” button, is another common tactic used by attackers. And finally, trouble abounds for users who are tricked into downloading fake “Facebook profile viewer” applications. Regardless of the scam, the end game is always the same: unsuspecting victims are tricked into filling out malicious surveys that generate cash for the affiliates involved.
Tumblr encourages users to repost content quickly and easily — an ideal scenario for scammers who can think up a good ruse. Many of the most popular Tumblr threats involve fake “official” Tumblr staff blog entries serving up “free” offers, such as airline tickets and Starbucks gift cards, to users who complete a reward offer or survey. Since users typically don’t check the validity of content sources — likely a result of the “rapid reblog” Tumblr mindset — they are misled into divulging PII that is often used for malicious gain.
No surprise here: cyber criminals take advantage of YouTube’s video platform to lure users into downloading malicious files. Promises of video game cracks, music videos and sneak-peek movie trailers are popular scams that pique users’ interest. YouTube scams can end in any number of ways, including installing malware on users’ systems, prompting them to fill out surveys or tricking them into entering PII for account validation.
Twitter is the most convenient tool for spammers to push rogue links, especially when spam runs are automated. With Twitter’s design, malware writers can’t do much scamming on Twitter itself. Rather, attackers rely heavily on users leaving the safety of Twitter by clicking on rogue links in Tweets that bring them to malicious sites hosted elsewhere. The true destinations of these links are often hidden behind shortened URLs, which were made popular on Twitter. Whether the link in question leads to fake AV launch pads, rogue Facebook pages or gift card scams, the result is equally dangerous. Interestingly enough, attackers often use Twitter as a gateway to threats on other social networking sites.
While LinkedIn arguably hosts the most valuable information to cyber criminals, it’s perhaps the least targeted social media platform. Why? Because the site’s user base is generally more tech-savvy and aware of social media threats and attack methods, making it harder for attackers to penetrate and resulting in a lower payoff when they do. When the platform is targeted, most schemes involve fake invitations and other mail messages that aim to drop malware onto users’ machines.