Criminals are exploiting social networking Web sites such as MySpace, Facebook and Bebo to trick and defraud users, according to a report from McAfee Inc.
Fraudsters are befriending users to persuade them to provide personal information, open attachments and click on links and gain access to online bank accounts, a report McAfee conducted with forensic psychologist Clive Hollin shows. McAfee is the world’s second-largest anti-virus company, after Semantec Corp.
Online scams are the fastest-growing category of fraud in Europe, Santa Clara, Calif.-based McAfee said, citing the European Commission. Easy access to details such as users’ nicknames, hobbies and film preferences on social networking sites including News Corp.’s MySpace helps scammers trick users through familiarity, the company said.
“We believe that cyber criminals are going out and developing these pages and developing networks of friends to try and get information,” McAfee security analyst Sal Viveros said last Tuesday in an interview.
The “MySpace and Facebook generation” often don’t question the legitimacy of e-mails and have been hit by identity-theft scams and other fraud, McAfee said.
Criminals are deceiving many types of Internet user, not only the inexperienced, the company said.
The number of fraudulent Web sites designed to get users to divulge personal information has grown almost ninefold in the first half of 2007, Viveros said.
Criminals can also take personal information and contacts from social networking sites and sell the details for use in mass spam attacks, McAfee said.
PC users are lured into opening dangerous links and e-mail attachments that appear to be sent by friends, McAfee said. Some spam software can take address lists from messenger accounts, enabling fraudsters to use them to target people and get them to reveal information or download harmful software. “Depending on the circumstances, virtually anyone could be conned,” Viveros said.
Internet users who are particularly vulnerable to fraud are newcomers to the Web who are unaware of the dangers, people tempted by the promise of great deals and those searching for jobs or relationships, McAfee said.
An example of an online scam is an e-mail sent to thousands of Internet users that read “legal action against you,” McAfee said. The message accused recipients of sending an unsolicited fax and threatened them with a lawsuit, and its attachment contained a computer worm.
“Like con men on the street devising new tricks, Internet fraudsters need a never-ending supply of ways to exploit victims online,” Greg Day, security analyst at McAfee, said in the report. “Bypassing mental barriers rather than software security is an increasingly evident tactic of cyber criminals and one that will only continue to become more prolific in the raft of online attacks.”
