Spam, phishing and malware attacks on social-networking sites in 2010 were double in number from the year before, according to a new review of cyberthreats.
Released Wednesday, Sophos’ Security Threat Report 2011 explains that the rapid growth of social-networking sites — most prominently Facebook — has made them sitting targets for attackers.
Sophos asked social-networking users whether they’d received spam, phishing e-mails or malware attacks through last December. Sixty-seven percent of people reported spam (up from 33.4 percent in April 2009); 43 percent phishing messages (up from 21 percent); and malware attacks jumped to 40 percent from 21.2 percent.
"Once you break into a Facebook account, it’s a treasure trove," Graham Cluley, senior technology consultant for Sophos, told SecurityNewsDaily. "The user has laid out their personal information for you, including a long list of friends and relationships."
All a hacker has to do is trick the user into divulging some of that personal information, and it can then be sold to advertisers or used for any number of criminal acts, including identity theft.
The fact that Facebook does not screen third-party apps is a serious security flaw, the report notes. The policy allows rogue applications to roam freely throughout the site, preying on a pool of 600 million people.
[ more ]