Grifters find rich pickings on social networking sites

Social networking sites are creating a means for hackers and conmen to worm their way into the confidence of users. Sites such as LinkedIn can be used to create a veneer of trust that leaves internet users and business at a greater risk of attack, according to a study by Danish security firm CSIS. Dennis Rand, a security …

COMMENTS

This topic is closed for new posts.
  1. Lawrence

    One very bad practice

    I'm not surprised at all about this and would like to expand a little on the bit about fraudsters setting up bogus social networking sites.

    The bad practice I refer to is a marketing exercise used by a number of social networks. I'll mention a couple that I hate particularly: hi5.com and tickle.com

    I was prompted to register to such sites when I received the same worded personal emails from my Yahoo! contacts. So I investigated...

    Towards the end of the registration process (or in the case of Tickle.com once you have finished a test) you are invited to submit your Yahoo!, MSN and AOL details to 'invite your friends' to the site. When you do this a script logs into your mail account, farms your contact list and sends out automated emails on your behalf.

    This is dangerous because they promote the practice of giving out log in information to a third party. It's fair to say that big name social networks are trustworthy but it doesn't take much to set up a bogus version that offers the same functionality.

    Tickle.com's TOS say that "If Tickle has reasonable grounds to suspect that you have shared your account access and password with another individual, Tickle has the right to terminate your account and refuse any refund."

    One solution, if this is a problem, would be for the likes of Yahoo! to prevent scripts logging into their accounts.

    I hope something is done.

  2. charlie wallace

    What would be the point if it weren't easier.

    Computers/technology make things easier, for most everyone, wouldn't be much good otherwise would it?

    If you're dumb enough to get roped in (creating a false trust is one thing, sending money another) let's not give up yet more personal responsibility just because some sucker was born a minute ago. Scraped knees build character.

  3. the Jim bloke

    Elimination of the unfit and stupid

    Anyone who uses the same password for a social site and anything with money involved is, quite simply, too stupid to be allowed on the net on their own anyway.

    No sympathy whatsoever.

    Keyloggers, trojans etc are a more serious worry, so I don't access my bank etc, except from a machine that I personally control the security on.

  4. Rich

    Blogger comments

    Blogger is a big security hole.

    When you comment, it invites you to log in with your Google credentials. It would be the work of moments to make the comment link on a blog template go to a spoof page that collects these instead.

    As a minimum, you could then read through email, issue password resets, etc.

  5. Doc Farmer

    Been Grifted? Let Me Know...

    Answers gratefully accepted - at LinkedIn.com

    http://www.linkedin.com/answers/technology/information-technology/information-security/TCH_ITS_ISC/46748-7404330

  6. Infosecsellout

    Thank You Captain Obvious

    If you lie to people on any forum you can build trust and then abuse that trust. Do these guys really need press that badly that they would waste their time proving the obvious?

  7. Anonymous Coward

    LinkedIn / Facebook : Why not just email the CIA a daily update on your life?

    Great sites, if you like exposing your social / business schedule, contacts list and more to all and sundry state and private US authorities wishing to spy on you or use the exposed data to gain commercial advantage or insight into your life / business.
