Malware, phishing and spam targeting Facebook and Twitter users have increased significantly, according to Sophos’ Security Threat Report 2011.
Sophos polled users, asking if they had received spam, phishing or malware attacks on social networks.
- It found that 40% of social networking users surveyed had been sent malware via social networking websites, a 90% increase since April 2009.
- The number of those who said they had been spammed on social networking websites doubled compared to two years ago, with 67% now saying they had received spam.
- 43% had also received phishing messages – more than double the figure in April 2009.
While 82% of those surveyed felt that Facebook posed the biggest threat to security, Sophos found that the ‘onMouseOver Twitter worm’ was the biggest social networking security incident of 2010.
Sophos’ report looks at the use of ‘social engineering techniques’ on social networks, which trick people into compromising their online security and personal information. This might include opening an email attachment, clicking a button, following a link, or filling in a form with personal and sensitive information.
Sophos has come up with ten tips to help you avoid falling victim to social engineering techniques:
- Remember that if something sounds too good to be true, it probably is.
- Ask yourself – why would you be singled out for a windfall or other special treatment out of the millions of other internet users? If you can’t find a good reason, it’s probably a scam.
- Don’t believe everything you read. Just because an email or website is presented attractively doesn’t mean that it’s telling you the truth.
- Be patient. Too many users end up being victims of internet crime because they don’t stop to think, but instead act on impulse by clicking on an attractive link without thinking about the possible consequences.
- Unless you’re certain of a person’s identity and authority to request such information, never provide your personal information or information about your company/organisation.
- Don’t reveal personal and financial information by email. Be wary of emails that ask you to follow a link to enter such information.
- If you think an email may not be legitimate, attempt to verify it by contacting the company or organisation directly. But don’t use the contact information provided in the email to make contact – it could be bogus. Look up the organisation’s contact information yourself.
- Double-check the URLs of the websites you visit. Some phishing websites look identical to the actual site, but the URL may be subtly different.
- Be cautious about sending sensitive information over the internet if you’re not confident about the security of the website.
- Be suspicious of unsolicited phone calls and emails that ask for information about you. It could be a scammer calling.
Please note: Action Fraud is not responsible for the content on external websites.
To report a fraud, call Action Fraud on 0300 123 2040 or use our online fraud reporting tool.