Protect Yourself Against Phishing on Social Networks

Jim Neusom
It's your friendly neighborhood "Digital Drummer" again (smile).

There has been a rash of new Phishing attempts on social networks such as Twitter, Facebook, and Ning networks. Cybercriminals follow popular trends. Wherever There's A Crowd....There's Money

One of the three schemes that have suddenly appeared on Twitter appears to have begun last Thursday with the creation of a few bogus accounts utilizing the age-old lure of "Hot Women". The trick went like this: You look up and see some young gorgeous woman is now following you...hmmm. You take a look at her profile and click on her web link to find out more (hopefully pictures).

The web address takes you to a fake Twitter site where you're prompted to enter your password. Once you've fallen for the trap, you're passed back to the real Twitter and surprise, surprise...you have even more "Hot Women" following you. Once they have you in the loop, it seems all these women's web links take you to X-rated "dating" sites, where the scammers get paid (pay-per-click) for providing traffic.

These Phishing attempts have proliferated in social networking sites based on the age-old sucker lures of vanity, greed, and curiosity. The reason they're going after your account is to maximize their hook, utilizing the credibility of your name or Brand. A person may not trust the subject line, they may not trust the URL, but they trust YOU!

If they receive a message from you saying "funny blog going around"....naturally your friends want to be in on the joke. Once again, after you click on the link, you're asked for your password. Never enter your password after following a link. Open a new browser and access the page from your account....if they ask for a password again, it's a fake!

Always double check URLs before entering confidential information (name, address, etc.). In the case above the URL was Tvviter com (notice the double "v" and single "t"). This is a common trick amongst cybercriminals. The IRS, Banks, and Network administrators will never ask you for confidential information over an unsecured webpage. Always look for the "Lock Icon" to indicate that the webpage is using standard encryption security or SSL (see www.ssl.com).
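The double-"v" trick above can also be checked mechanically. The following is an added example, not part of the original article: it folds common look-alike character pairs and measures edit distance against a short list of real login domains. The domain list, the substitution table and the threshold are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumed allow-list of real login domains; extend it for the sites you use.
TRUSTED = {"twitter.com", "facebook.com"}
# Character sequences commonly typed to imitate another letter (assumed table).
LOOKALIKES = (("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l"))

def host_of(url):
    """Return the lowercase hostname of a URL, without a leading 'www.'."""
    if "://" not in url:
        url = "http://" + url
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def fold(host):
    """Replace look-alike sequences with the letter they imitate."""
    for fake, real in LOOKALIKES:
        host = host.replace(fake, real)
    return host

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, max_distance=1):
    """Return ('trusted' | 'lookalike' | 'unknown', domain)."""
    host = host_of(url)
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return ("trusted", host)
    # Heuristic: compare only the last two labels of the hostname.
    candidate = ".".join(host.split(".")[-2:])
    def score(t):
        return min(edit_distance(candidate, t), edit_distance(fold(candidate), t))
    best = min(sorted(TRUSTED), key=score)
    if score(best) <= max_distance:
        return ("lookalike", best)
    return ("unknown", host)

if __name__ == "__main__":
    # Constructed sample URLs, including the look-alike named in the article.
    for u in ("http://tvviter.com/login", "https://twitter.com/", "example.org"):
        print(u, "->", classify(u))
```

A "lookalike" result means the address is close to, but not the same as, a site you trust, which is the case in which you should not enter a password. Short domain names can produce false matches, so treat the result as a prompt to look closer.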

Often the URL/link is shortened by URL compression services like ur.lc. Obfuscated URLs are becoming the tool of choice for cybercriminals. Shortened URLs are the norm on micro blogging sites like Twitter. You should consider using browser plug-ins like Longurl.com (www.longurl.com) as a way to see the true destination of shortened URLs. Twitter and others should consider not counting URLs as part of the 140 character limitation. This would make links safer.

I recommend the following steps if your account has been hacked by a Phisher:

1. Notify the network (Twitter, Facebook, etc.) immediately

2. Change your password immediately. And if you have used that password for other sites, change those too.

3. Protect your friends by deleting phishing or spam messages from your Twitter feed, Facebook Wall or wherever they were posted or by warning them not to click on URLs in a scam email seemingly from you.

4. Run an antivirus scanner, especially if you have a Windows PC. There are many free ones, including from Symantec and Microsoft.

Remember, We Must Share The Knowledge (Network)...To Share The Dollars!!!

Published by Jim Neusom

Mr. Neusom has 20 years' experience in communications and Internet technology. He has a national reputation and donates his time to teach and encourage minority-owned businesses to get involved in Internet tech...
