Forget e-mail spam. Online miscreants are now all over popular social-media sites, and they’re out to steal your identity. CNET’s Sumi Das shows how you can protect yourself.
First there was e-mail spam clogging up your in-box. Now there’s social malware making its way into your Facebook newsfeed.
If you’ve ever seen a spammy message from a friend promising a “Free iPad” or “Free” airline tickets, chances are it’s socware (pronounced “sock ware”) — a phrase coined by engineering professors and graduate students at the University of California, Riverside, in a new study.
Their study analyzed 12,000 users of MyPageKeeper, a free app they developed to identify suspicious posts and help protect Facebook users from them. Of that sample (and those users’ 2.4 million collective friends), just about half were exposed to socware.
Clicking on a link in a post like this could lead you to an external Web site or perhaps another Facebook page. You may be asked to fill out forms where you include your birthday and your address and even your credit card information.
“Some hackers may ask you to fill out a survey. And it’s the con artists who make money from this,” says Harsha Madhyastha, a professor of computer science and engineering and one of the authors of the study.
It’s a classic case of identity theft. And there are other types of scams out there as well — relatively easy to set up, one imagines, because spammers simply create fake Facebook pages. Then all they need to do is compromise a few users, and the viral nature of social networks just takes over as users spread spam to each other.
Facebook has estimated there are about 83 million fake pages on the site; a mixture of innocent and malicious accounts.
The best way to protect yourself? Use common sense, and be judicious about what links you click. Stay away from the ones in posts that contain red-flag words and phrases like “free,” “wow,” and “OMG.” And, of course, be superparanoid about offering up your credit card number. (You can also read more about the MyPageKeeper app here, and see if you think it’s for you.)
Also: don’t drop your guard.
“At the end of the day, you’re seeing a post shared by one of your ‘friends’ on Facebook or Twitter,” Madhyastha says. “How does a normal user distinguish between good and bad posts? It’s going to be hard for users to make this distinction.”