In the early days of the Internet, e-mail used to be the major carrier of spam messages on the Web. Today, according to security solutions firm Sophos, spammers have shifted to social networking sites--where users are many and prevalent--in carrying out their dastardly deeds.
Compromised social networking accounts are just like PCs with botnets installed on them, according to Clarence Phua, ASEAN regional sales manager of Sophos. "[That makes] social networking accounts valuable to hackers, because they can use them to send spam, spread malware, and steal other identities," he explained.
Social networking sites--notably Facebook and Twitter--have recently been the target of cybercriminals due to their large user base. In February 2010 alone, market research firm comScore pegs Filipino Internet users visiting social networking sites at 90.3%, spending an average of 332.2 minutes (or roughly five and a half hours) on such sites, the highest in the region.
And where there are users, there are those who take advantage. According to Sophos's 2010 security threat report, at least 57% of social networking users have reported receiving spam via these services, a giant leap of 70.6% from a year ago.
Social networking spam, Phua clarified, include messages, status updates, and wall posts that promote a certain product. Click-jacking--or hiding the original spam URL through a URL shortening service--is also a prevalent method for spam.
Cybercriminals--who, Phua noted, have become more notorious and financially-driven over the years--are also the main perpetrators of malware over social media. Just recently, Facebook users were bombarded by their friends' compromised accounts with wall posts containing the "sexiest video ever," a malware that installs an adware on the user's browser once viewed.
Phua said 36% of social networking users have reported experiencing malware attacks through their profiles, likewise a jump of 69.8% from last year's data.
Because of the increased incidences of cybercrime through social networking sites, Phua advised CIOs to review their internal policy on social media as well as other Web 2.0 settings. He noted, however, that administrators shouldn't outright limit access to social media sites, for these can aid in employee productivity. "You [definitely] can't stop them [from accessing social media sites], but you can control," he added.