Facebook to fuel spear-phishing boom?

"This is a goldmine of data for the bad guy community"...

Security experts are warning of a drastic rise in personalised phishing campaigns, with social networking at the heart of the problem.

AusCERT's general manager Graham Ingram said social networking sites - such as Facebook and MySpace - are having an enormous impact on security because of people's willingness to share personal information.

Ingram said: "Years ago you would write things [in a diary], personal things. Nowadays you write it on the internet and you put it into sites like MySpace. The amount of information that exists if [criminals] want to get it is extraordinary."

Mark Sunner, MessageLabs chief security analyst, said spammers are already using personal information gathered from social networking sites. Speaking in a recent interview, he said the number of phishing emails has remained static over the past two years but their content has become extremely personal.

Sunner said: "We're seeing people's names, postal codes and addresses. I think this is a symptom of an addiction with social networking sites such as MySpace or LinkedIn - where people have willingly keyed in all this information about themselves.

"This is a goldmine of data for the bad guy community - the bad guys now have the name, age, sex, geography, likes, family members' names. So the ability to make an attack very, very tailored is something we'll see play out for the remainder of 2007."

AusCERT's Ingram added: "God knows what's in front of us... I don't believe we've adjusted to that new environment and what the cyberworld offers."

Liam Tung writes for ZDNet Australia

Comments

There are 3 comments.

  1. Rob

    Not from my facebook page they don't, cause I'm not stupid like most of the population seem to be nowadays.

    I still cry today about the fact that common sense packed its bags and left for more sensible climates.

    • 5 July 2007 11:40
  2. RussD

    You're assuming of course that sense is common. It's not. :)

    • 5 July 2007 15:22
  3. Bart Patrick

    People underestimate just how easy it is for fraudsters to piece together data sources and create a profile of an individual.

    Largely criminals are using these sites to directly impersonate individuals. However, organised crime rings also use social networking sites to confirm identities and information gained from other sources.

    The major concern here is people’s willingness to hand over personal information without thinking about the implications.

    Individuals really need to start being more aware of these threats before disclosing information. The following steps need to be taken for the public to protect itself when visiting social networking sites:

    - Do not issue factually identifying information such as date of birth, address etc. Instead give approximate numbers to describe your profile, e.g. ‘I am between 18 and 25’

    - Need to treat web users as complete strangers – you wouldn’t give a person you met on the street your address, so why give it to someone online that you’ve never met before?

    The financial services industry is working to protect consumers from a business perspective, having spent millions on anti-fraud activity, both electronic and physical. This is compounded by issues surrounding verifying “is this person really who they claim to be” – as the more information a fraudster has the harder this is.

    But despite these industrial efforts, it is down to individuals who use these sites to take steps to protect themselves. However, banks and the media need to continue to push the warning messages of the risks of disclosing personal information in the public domain.

    • 9 July 2007 11:02
