Valentine’s Day is a favorite holiday of lovers — and hackers.
For years, cybercriminals have used Valentine’s Day as a way to spread spam and viruses using e-cards and offers of bogus gifts.
Today, hackers have another avenue of attack — social media.
That’s why Randy Abrams, director of technical education at Slovakia-based antivirus software company ESET, warns users to keep an eye out for anything that looks out of the ordinary around Valentine’s Day.
“Watch out for messages from friends that are not in their usual style of writing or conversation, especially if they have a link,” Abrams said. “If you get a message from a friend, talk to the friend before you click. That’s how you find out if the friend really meant to send the link.”
Because we don’t communicate the same way across all social-media platforms, hackers will use different methods to entice potential victims.
For example, Twitter has such a tight limit on message size that shortened URLs, which disguise Web links, are prevalent in all messages, good or bad.
Hackers will often use sensationalism in the message such as, “This is so cute!” or “This is really funny!” to encourage the recipient to click on the shortened URL.
Another approach, Abrams said, is a message received through a hijacked account. The message seems to come from someone you know, so there is an inherent trust in the message.
Abrams pointed out that in April of 2010, a hacker was selling 1.5 million compromised Facebook accounts. The odds are significant that at least one of those accounts belonged to a friend or a friend of a friend of yours — or it might have belonged to you.
And in February of 2011, rogue apps calling themselves “Valentine’s Day” and “Special Valentine” were roaming free on Facebook, duping users into taking money-generating surveys and opening up their friends lists so that the apps could spread further.
So if you think a friend’s account may be compromised, send a private e-mail or pick up the phone to ask if messages he or she sent are legitimate. And always ask friends to return the favor if they see suspicious behavior coming from your account.
Abrams also suggested avoiding the use of third-party vendors to send messages through social media if possible.
“For e-cards, stick with known vendors,” he said. “If you go to a gift shop and look at a greeting card, they have a website and they are in for the long haul. You can trust them.”
The bottom line is that the hackers are out to use you and your information to make money.
“If you click on a link, they might get paid for generating traffic to the website,” Abrams said. “If you fall for a phishing attack and give someone your password because you thought there was a problem with your account, they will steal your account and try to trick your friends into doing things that make them money. If you install an app or other software, they will take control of your computer and rent it out.”
Abrams made a suggestion for this Valentine’s Day. “The Web is a great facilitator, but never replaces a true heart-to-heart. Valentine’s Day is not about trivial clichés, it’s about true sharing. Talk to your friends and loved ones. Not just links, but real conversation.”
(© Sue Marquette Poremba, SecurityNewsDaily)
