The latest Sophos Threat Report shows an upward trend in spam and identity theft through social networks. One of the examples Sophos gives is Facebook. In general Sophos claims that from 2009 to 2010 spam, phishing and malware-containing messages all doubled. Sophos explains the figures on its website thus:
This makes the trend quite clear. I wonder if these figures were a part of the sharp drop in spam figures that was reported recently.
OPTA and social network spam
This is not something entirely new as OPTA, the Dutch spam and malware enforcement agency, has already fined a Dutch spammer for spamming on the Dutch social network site Hives. This private person sent 3.2 million unsolicited messages (“krabbels” which means “notes”) to Hives members advertising his online game. OPTA decided that this is a form of unsolicited electronic message and stopped the spammer’s activities. The case was never taken to court as the spammer decided to pay the fine. Whether this was a world first, I cannot say for sure, but I haven’t heard of another example.
Spam and my WordPress blog
Almost on a daily basis the spam filter of my blog catches a comment to an article saying “cool”, “where can I subscribe”, “keep up the good work” and all from very complex-looking e-mail addresses at Gmail or Hotmail. The good news is that WordPress has a functioning spam filter. What is the bad news when I answer or click on the spam message?
So Sophos’ news may not be real news for us users of social network or blog sites. The success of social network sites means just another opportunity for the bad guys and another security hole to plug for technicians. Have you ever wondered what all these thousands of people click on when someone asks them whether LinkedIn really works? Click “like” if you read this?! They click on a daily basis by the thousands because an unknown somewhere in the world asks them to do so. Naivety? Good faith? Plain stupid? Or a sound investigation of the possibilities of LinkedIn? I personally have chosen never to click on these sorts of “like” requests. My advice to you is to not do so either.
Responsibility and social network sites
However, the owners of the social network or blog site have to recognize two things:
Offering a service for free should not release a social network site from responsibilities. It’s not as if they do not intend to make money off their customers(’ data). The service needs to be trustworthy as real life harm can come from phishing and identity theft and more so if the cyber criminals and spammers can use the service unhindered. On the other hand if Facebook remains structurally unsafe, people will eventually move elsewhere, I suppose, to another social website that does offer a better level of security. Awareness starts with signalling a problem and that is what the Sophos report offers to those who want to listen. For anti-spam authorities there is work for years!
Facebook may want to take this message seriously as EU parliamentarian L. van Nistelrooij just called for EU legislation because of Facebook’s (lack of) privacy policy. He states that self-regulation does not work and has drawn his conclusions.