
Social Engineering on Social Network Sites

From the ACMTechNews. Something to be aware of.

Phishers Can Use Social Web Sites as Bait to Net Victims:
Informatics Study
Indiana University (05/24/07)

Popular social network sites such as Facebook and MySpace are being used by cybercriminals to gather personal information to create targeted phishing attacks, according to Indiana University School of Informatics researchers. In their study, "Social Phishing," the researchers established a baseline for the success rate of traditional and social network-based phishing attacks. Phishers steal personal information by sending authentic looking requests, either by email or instant messaging, asking someone to click on a link and submit their information on what looks like a legitimate Web site. "Phishing has become such a prevalent problem because of its huge profit margins, ease in launching an attack, and the difficulty of identifying and prosecuting those who do it," says associate professor of informatics and computer science Filippo Menczer. "Our study clearly shows that social networks can provide phishers with a wealth of information about unsuspecting victims." The study sent email messages to two groups of students asking them to enter their university ID and password. One group received an email from what they thought was a friend, while the other group received an email from a stranger. Only 16 percent of students who received an email from a stranger entered their information, while 72 percent of those receiving emails from "friends" gave away their information. Associate professor of informatics and member of the research team Markus Jakobsson says they were astonished by the 72 percent response rate. The researchers suggested some countermeasures to prevent phishing, including digital signatures on emails to verify the source, browser toolbars that alert users to spoofing attempts, spam filters that detect spoofed emails, and providing users with a secure path to enter passwords, alerting users that they are trying to authenticate to an unknown site. The study is scheduled to be published in the October 2007 issue of Communications of the ACM.

http://newsinfo.iu.edu/news/page/normal/5726.html

thank you, tuck. people seem to get too relaxed in the web environment, and this comfort level seems to breed a type of naive gullibility that can really wreck your info-life!

-dp

I have been noticing that MySpace and many forum logins are not SSL secured.

hey tuck---is this site secure? ssl secured? Paranoid

Well, no, not that I can see. So, in principle someone could extract your password from the packets as they passed by. (You do unsecured wireless? Log in from a work or campus network?) Once someone had your password they could log in as you and make all kinds of off the wall statements that would appear to come from you, and then ... uh ... Oh, never mind.

Anyway, don't use the same password for this site and your bank or work accounts, etc.

By the way, this isn't really Tuck. I bet him $10 I could guess his password, and he sent it to me to prove I hadn't.

Tuck wrote:
The study sent email messages to... students asking them to enter their university ID and password... 72 percent of those receiving emails from "friends" gave away their information.

Dumbasses.

Tuck wrote:
Anyway, don't use the same password for this site and your bank or work accounts, etc.

This is good advice. Do not use the same password for all your online activities. If you do, all it takes is one bad webmaster or a packet sniffer and bam, they have access to all your online hangouts.

Site dude - S3 Agent #202
Need help with the site? SG101 FAQ - Send me a private message - Email me

"It starts... when it begins" -- Ralf Kilauea
