As the holiday season approaches, shoppers hunt for the best bargains and parties kick off in full swing. Thanksgiving, Black Friday and Cyber Monday are almost here, each presenting its own type of temptation to you and to cyberthugs. But here are some security warnings whether or not you plan to drink and drive a keyboard this weekend--such as the attack of the tricky hacked-friend Facebook bot. Have you had any strange conversations with online friends lately?
Right now as I write this, people are tweeting about bots that have taken over their friends' Facebook accounts. These bots have access to all the data of anyone connected to the hacked account. After the launch of Facebook's new messages, which combines all personal communication like chats, texts, and emails in one place, security firm Sophos warned, "Facebook accounts will now be linked with many more people in your social circle - opening up new opportunities for identity fraudsters to launch attacks."
Most of these Facebook bots are hacked accounts in which your "friend" starts chatting with you and mentions the name of a mutual friend before asking you to click on a link to take a quiz, play a game, or watch a shocking video. You might click for a friend, but these sites can be filled with malware. Some bots are clearly bots, while others are friendly, relatively more advanced, and can even deny being bots. Use caution: ask a question that bots couldn't normally answer, as in a Turing test. But this user reported the bot knew the name of someone from high school. Some of these chat bots are clever, but I don't think we are at the point where we need secret passphrases with friends to be sure it's them - yet.
Installing BitDefender's Safego Facebook application would probably be a wise move before holiday shopping or any additional Facebook activity, but the app doesn't analyze malware distributed via personal messages. According to CNET, BitDefender published these statistics: 16% of malware on Facebook urges users to watch a shocking video, 15.4% of malware is linked to games, over 60% of malware attacks come from "notifications from malicious third-party applications," and 1/5 of Facebook users have malware in their news feeds.
Ironically though, before installation, Safego offers users an opportunity to take a "personality quiz" or "who is your evil twin." Normally I would call this "survey spam," which is often malicious, and warn users against taking them. Safego said it was "a joke." You can skip the quizzes and just go for the free Safego protection.
PandaLabs advises against underestimating cyber criminals this holiday shopping season. Cybercrooks have created fake advertisements, shopping carts and poisoned search terms in order to infect computers and steal personal data like credit card information, social security numbers, and other data that can be used for identity theft. PandaLabs said that 66% of the malware in their database is "trojans that specialize in sensitive data extraction." Panda Cloud Antivirus software is free.
Patrik Runald, senior security research manager at Websense, warned, "It is more likely to get an attack on your PC now while searching current topics like Black Friday than it would be searching for adult content," reported SearchSecurity. "The bad guys are trying to manipulate search results for the topics people are searching for. Then you are brought to a site that could compromise your computer and install a Trojan to steal login credentials."
This year, more people will shop by using mobile devices where you can't always see the full URL. Don't click on embedded links in advertisements sent via email. It's much safer to go directly to the site where you plan to shop. Make sure you only purchase on sites with HTTPS (SSL), even though it's still possible that sensitive data can be transferred to cyber criminals. Run anti-malware scans.
Even if you are in the mood to shop, it's unlikely you would drop $335,000 on a piece of virtual property, as was reported by Forbes. But if you have been drinking, you might be feeling chatty on social networks where you need a clear head to make sure your "friend" is not actually a bot with some advanced AI to better scam you with phishing links.
Although Webroot launched the Social Media Sobriety Test to help you protect your social media accounts from drunken posts that might later come back to bite you, it might also be a good idea to install it now. It may even help in case you have been drinking at a holiday party and then come home to shop online. You can set up custom URLs besides the default social media sites such as Facebook, Twitter, Flickr, and YouTube.
It's similar to Gmail Goggles, which has you solve five math problems after you click send to make sure you really wanted to send that email to your boss at 2 a.m. telling him what he could do with his job . . . or any other email that you might later regret.
The Social Media Sobriety Test plug-in works for Firefox, Safari, Chrome and Internet Explorer. Here is a video tutorial. You set the hours when you might be intoxicated, and if you try to log in to one of those sites during those times, you'll be asked to pass a test. There are five tests, ranging from simple, like drawing a straight line with your mouse, to not so simple. The test in which you must type the alphabet backwards in 60 seconds might even be something to help fully sober but excited shopaholics who need to cut back on spending. If you fail the test, however, the plug-in will post for you...like NAME is too intoxicated to post right now.
Be careful out there and Happy Thanksgiving!
This story, "Holiday Security: Even If You Don't Drink and Drive Your Keyboard This Weekend" was originally published by Computerworld.