The trust people have in social networking sites could inadvertently lead them to fall for phishing scams, according to an online security expert who tracks so-called "419 scams," so named for the Nigerian penal code intended to prevent the scams.
The business social network site LinkedIn has an unusually high degree of trust among its users, who are almost all adults using the site to increase their business and contact networking. While LinkedIn often helps people make new connections that help them find jobs or make introductions that lead to deals or collaborations, it also appears to be ripe for those who would prey upon people who, in a supposedly safe setting, drop their usual common sense, allowing strangers access to important personal information.
419 scams usually start with a message being sent to an unsuspecting email user, claiming to be from a person who has come into a large sum of money either by inheritance or settlement – but the only way they can collect on the funds is by involving a third party (what we in the biz often call a sucker) who provides a bank account in which to deposit said funds. The rub comes when money is in fact not deposited but withdrawn (surprise!) and there's no way to recall or cancel the transaction. Nigeria created the penal code to deal with this because an unusually high number of the scams originate in that country.
Until now, the most common opening salvo from a scammer came by way of an unsolicited e-mail straight to the target's in-box. Now, though, with social networking sites, especially LinkedIn, conferring almost immediate trust in a new contact, the wariness an Internet user might otherwise employ when dealing with a stranger is dropped. In its place is a willingness to cooperate with the new contact. (But we wonder, really, who needs a new contact in Nigeria, unless of course you're into oil drilling or you trace your lineage back to that country?)
Unlike regular e-mail, which can be sent out in spam-like fashion to millions of people at once, social networking sites require a little extra work on the part of scammers, who have to send an invite to connect to specific e-mail addresses.
Phishing messages were up by 5 percent in 2007. Social networking sites are now the top route for phishing e-mails to take in the three countries that suffer the most from the attacks, the U.S., China and Romania, according to Internet security firm Symantec.
The advice? Be just as wary of adding new contacts to your social networking accounts as you would with any other unsolicited message.
How can you stop yourself from being a big, fat target? For starters, don't post important personal information on your social networking profile. This may seem counter-intuitive, but there are plenty of examples where proprietary company information is leaked by an employee who just isn't thinking strategically. And conversely, more than one person out there has been busted by a friend, spouse or employer for posting salacious content about a rough night out or a picture from a holiday jaunt that ended in a little less clothing than would otherwise be advised.
You've been warned. [Source: PC World.]