Old security threats continue to evolve

Social networking sites are new targets for cybercriminals but users still need to beware of previous security threats such as vishing and spim, caution security experts.
Written by Liau Yun Qing, Contributor

While social networking sites are now targets for cybercriminals, users still need to be alert to older security threats that have evolved with advanced technology, advise security experts.

With the growing popularity of social networking sites, cybercriminals see users on these platforms as ideal targets for identity theft and vehicles for spreading malware.

But while users should be wary of these emerging risks on social networks, they should not let their guard down against previous security threats that target other platforms such as telephone and instant messaging (IM).

Paul Ducklin, Asia-Pacific head of technology at Sophos, noted that cybercriminals can still exploit the telephone to spread voice-based spam and run scams as well as vishing. In vishing, which is a variant of phishing, fraudsters use stolen identities to set up voice-response systems and collect local VoIP (voice over Internet Protocol) phone numbers.

Ducklin told ZDNet Asia that cybercriminals spam users and trick them into listening to recorded advertisements disguised as voicemail messages. These tricksters also use a "missed call" spamming tactic, where they hang up immediately after the phone rings in the hope that the user will return the call, only to listen to a recorded advertisement.

He said phone spamming incidents are on the wane in Sydney where he is based, but cybercriminals are turning to social networking sites to lure people into spam and scams.

He also pointed to vishing as a security threat that is still relevant today, noting that he still receives recorded messages from unsolicited callers, though only occasionally. Returning such scam calls costs time, effort and money, he added.

In a previous ZDNet Asia report, Jim Dowling, Sophos director of sales for Asia, noted that vishing could lead to serious consequences when deployed alongside caller ID spoofing, where calls are made to seem like they come from a trusted source.

Ducklin cautioned users against returning calls and messages unless they are certain of the caller's identity.

Instant messaging threats
While threats related to IM have been circulating since 2001, cybercriminals are now combining information gathered from social networking sites and IM platforms to bait users into clicking links that prompt the victim's computer to install malware, such as the recent attacks that targeted Google.

Spamming via IM, or spim, occurs because users place too much trust in "friends" and "buddies" online, even when they don't know who these people are in real life, said Nicholas Tay, Asia-Pacific regional director for FaceTime Communications.

These users do not think twice about clicking on links sent by "friends" or by someone posing as their friends, Tay said in an e-mail. "A successful spim attack could lead to a client list being leaked, not to mention the potential loss in [brand] reputation and a hefty fine from an industry body," he said.

Just last month, Microsoft secured an injunction against a Hong Kong-based company requiring it to stop spimming customers and contacts of Windows Live Messenger and to pay the software vendor a settlement amount.
