Facebook Security: Worms, Spam on Rise As User Data Becomes Currency of Hacker Economy


facebook securityAnother day, another Facebook security concern.

This time, the folks at McAfee warn us about several very important, very real security threats that are growing rapidly via Facebook. Consumers need to be aware of these developments when it comes to protecting their online privacy and security.

For instance, let’s talk about Koobface, a worm first discovered in 2008. It had been relatively flat for the last year. Yet it tripled in the first quarter of 2013 to levels never previously seen. The McAfee team attributes this resurgence to the cybercriminal community believing that social network users constitute a very target-rich environment of potential victims.

Global spam volume has also increased for the first time in more than three years. The rise is attributed to those “growth hormone” offers as well as more global spam coming from emerging markets.

And malicious URLs are also causing concern. The number of suspicious URLs increased 12% as cybercriminals continued their movement away from botnets as the primary distribution mechanism for malware. McAfee notes that a “drive-by download” has the advantage of being less susceptible to law enforcement action.

Currency of the Hacker Economy

“Cybercriminals have come to appreciate that sensitive personal and organizational information are the currency of their ‘hacker economy,’” explains Vincent Weafer, a McAfee senior vice president.

“The resurrection of Koobface reminds us that social networks continue to present a substantial opportunity for intercepting personal information. Within the enterprise, we see password-stealing Trojans evolving to become information-gathering tools for cyber-espionage attacks. Whether they target login credentials or intellectual property and trade secrets, highly targeted attacks are achieving new levels of sophistication.”

But why exactly is this happening?

Some security analysts say it’s related to the way people save their sensitive online information. For example, if a hacker steals a Facebook user’s log-in, contacts, and preferences, that personal data is fed to the “bad guys” who can then tailor a more sophisticated spam campaign.

To be fair, Facebook has a page dedicated to all things malware. But how many people can tear themselves away from playing Farmville to actually review the security tips? The Facebook team lists the fact that “sometimes scammers will set up a fake page to look like a Facebook login page, hoping to get you to enter your email address and password. Make sure you check the page’s URL (web address) before you enter your login info.” Facebook also warns users to “never click suspicious links, even if they come from a friend or a company you know. This includes links sent on Facebook (ex: in a chat or post) or in emails. If one of your friends clicks on spam they could accidentally send you that spam or tag you in a spammy post. You also shouldn’t download things (ex: a .exe file) if you aren’t sure what they are.”

These problems aren’t specific to Facebook, either.

A British telecom company says it will no longer make Yahoo Mail the default email service for its 6 million customers after major hacking, spam, and malware affected too many customers. Yahoo Mail has been “plagued by security vulnerabilities, and many customers have been under assault from hackers. They have complained of an increase in spam sent to their contacts and being locked out of their accounts by hackers who hijacked their passwords.”

The takeaway message? Be careful where you click, no matter what website you’re visiting!


Get Private Wifi   Protect your personal information.
Get DataCompress   Cut your mobile data usage.

Elaine Rigoli

Elaine Rigoli is PRIVATE WiFi's manager of digital content strategy.