Firstly, what is social engineering?
It is a catch all term for intellectual bluff’s used to convince people to attenuate their online security. Ways to achieve this is by clicking a button, opening an email attachment, filling in a form with sensitive information or following a link. There are many methods and scams that use malware through the use of social engineering procedures, and they tap into human fears, desires and just plain curiosity to get past the caution users should exercise when online. The good old Trojan Horse the Greeks manufactured to gain access to the gates of Troy is a great example of Malware. The Trojan Horse theory is used a lot by malware to masquerade files as free or open source software, this can include sexual content like videos or images to get access or get past security.
Explanation over, now to the good stuff….
Towards the middle of 2010, Facebook records show half a billion active users. I would consider this to be the most popular destination on the internet and making it the largest social networking site. “Different strokes for different folks” on the internet when it comes to social networking. I would say people between the ages of 12 and 18 are less likely to use email and more apt to communicate through Facebook, Twitter or other social networking means. There is no surprise then that attackers would tap into this resource to target this huge and committed user base, and these attacks steadily grew throughout 2010.
A very common attack type hitting Facebook users is clickjacking, or a more unknown name “UI redressing”. Cyber criminals will create pages where the true function of a clickable button is hidden beneath a layer showing something completely different. In most cases the users will share this or “like” the seemingly harmless content and this is how it is spread through newsfeeds and status updates.
My next post I will discuss how to avoid being fooled by social engineering techniques, in the meantime, if you have any questions or just some advice contact us