Professional Social Networks and the Scammers

We all use social networks for a wide variety of personal and professional reasons. Linking together like-minded practitioners can be the lifeblood of any professional organization (like our Richmond, Virginia NACFE Chapter) and has been proven to contribute to elevated levels of public service and customer satisfaction.

Social networks like Facebook and LinkedIn are based on the concept of online identities  that interact together to form a virtual social network.  The identities are created as user profiles that reveal the kind of information the individual user wants to display on the network.  I use my LinkedIn page to share posts on this blog with my professional contacts.

It’s hard to set an appropriate control on user profiles that can completely guarantee the veracity of the associated identities; scammers are aware of this and take advantage accordingly. One of the most common techniques used by attackers is the generation of fake profiles. These profiles can be of celebrities, of spoofed known professionals, or wholly fake identities set up to model a profile designed to be attractive to a certain kind of victim. Fake profiles can be used for many purposes, including the monitoring of users of a certain type, revenge, and engaging in nefarious businesses of all kinds.

Fake profiles tempt users to read malicious content posted on the message walls and in the e-mails used for communication. Once users visit such profiles, embedded malicious code starts infecting the users with malicious executables. One infected node (user) can unwittingly infect all her contacts on the network. From a security perspective, this is a clear case of fraud based on identity assumption, identity fabrication, or identity theft, and the type of information present in fake profiles runs the gamut for use in a wide range of scams. It’s a sad fact that such scams are virtually uncontrollable by the social networks themselves. The users of every social networking site have fallen victim to such profiles, so no network is immune; this is because it’s so hard to restrict the actions of users based simply on information contained in their network profiles.

A spammer might set up a fake e-mail directing a user to a fake profile that uses hyperlinks to redirect the user to a malicious domain. The rogue profile tempts users to visit the domain by presenting them with an attractive link reading, “Click here to view a statement by [the name of a known person].” Clicking on the link will open the fake statement and download malware used to control the user’s machine.

–Professionals using on-line social networking should educate themselves as to the nature of the malware they can encounter specifically in the form of fake profiles and phishing e-mails.  Collaborate with your fellow professionals and share information about the exploits you’ve experienced or read about.

–Users should secure their browsers by installing appropriate client-side filters, such as NoScript in Mozilla, to nullify the type of malicious scripts that render in browsers. In short, choose the client-side filters that are appropriate for your browser type.

–Don’t click on suspicious hyperlinks. Carefully scrutinize the origin of hyperlinks on professional social network profiles to avoid traps; if you aren’t fully comfortable with a hyperlink, don’t click on it.

–Configure your professional profile by applying the appropriate restrictions provided by standard social networking websites to protect privacy; all the sites have such restrictions…review them and use them.

–Report all suspicious profiles,  messages and e-mails directly to the security team of the professional network you’re using.  This can help administrators apply filters to prevent the affiliated scams.

–Install anti-virus software and keep your operating system patches up to date.

The professional networking sites we use represent a virtualized world that can be of great value to us in our careers; the aim of malware is to infect users and steal information. User ignorance is a big factor in the spread of malware, and as we enjoy the benefits of professional social networks we all have a responsibility to keep ourselves and our colleagues as safe as we can.
