When friends can be your worst enemies

Posted on August 27, 2008 - 15:26 by egeorge

Think a friend's latest post on your Facebook wall is a little odd? Trust your instincts. Social engineering scams are on the rise.
The latest round of attacks on Facebook include messages and comments on users' walls that appear to come from friends. The fake messages include seemingly irresistible bait - a claim that a video of you in a compromising position has been posted is one of the currently popular lures. If you follow the link in the message, the page you're taken to could infect your computer with "drive-by" malware that can download without your permission. In other cases, the page might claim that you need to download an additional plug-in to view the video. You guessed it: that plug-in turns out to be malware.
It's hard to protect yourself against this kind of attack, when our assumption is that messages from our friends are trustworthy. But think back to the early days of email viruses. Remember being warned not to open an unexpected attachment, even from a friend, without checking that your friend really sent it? If you receive a message that just seems odd - maybe it doesn't sound like your friend's normal writing style, or your friend isn't usually the type to be snapping videos at drunken parties - check it out with the friend before clicking the link. If their account has been compromised, you'll be protecting your friend and their entire network, as well as yourself, by letting them know there's a problem.
Want to read up on the latest social network scams? Kaspersky Lab has a post about the current Koobface worm on Facebook and Myspace, and Trend Micro blogs about a similar social engineering trick targeting users of MSN Live Messenger.