How hackers use social media

Beware drive-by downloads!

After several security breaches affecting Twitter, LinkedIn and eHarmony, just to name a few, some social media users may be busy setting everything on Facebook to private and coming up with LinkedIn passwords that a supercomputer couldn’t break.

Social media attacks can be particularly vindictive because they don’t just exploit vulnerabilities in your computer; they exploit your trust. According to a recent CNET article, social media hackers trick individuals into spreading malicious links to their friends. Social media attacks come in three major varieties: drive-by downloads, plug-in malware and survey scams.

Drive-by downloads

A drive-by download happens when you download a piece of software without knowing it, according to Cornell University. Malicious software can come bundled with otherwise good programs, or can even be hidden in normally legitimate banner ads. If a hacker compromises a friend’s social media account, the hacker can use the account to pass around legitimate-looking software that has malware hidden in it. Even companies have fallen victim to drive-by download attacks. For example, in 2008 a hacker broke into Expedia.com and used the website to host ads that caused visitors to download malicious software.

Plug-in Malware

A plug-in scam tricks the user into downloading a bad program that appears to be a required plug-in. Of course, instead of being a safe plug-in, the download is actually malware. An example of plug-in malware happened last year when a trojan targeting Macs was disguised as an update to Adobe Flash.

Survey Scams

Survey scams are nasty because they can lead to annoyances outside of your computer. They will typically claim to offer a highly valued item, but require users to fill out a survey that asks for personal information such as phone numbers, names and birth dates. Once the bad guys get your phone number, they can plague you with telemarketing calls or sign you up for premium text services.

A recent survey scam happened with the release of the popular video game Diablo 3, according to a Help Net Security article. These scams claimed users could download the game before it was officially released if they filled out a survey. Some of the surveys even required Facebook likes, so the links would show up on the user’s wall. Of course, the download link was bogus, and the only people who got anything out of the survey were the hackers!

Has your Facebook account ever been compromised by malware? Are you cautious about clicking the links your friends post?

Kate Beckham

Kate has been lighting up the blogosphere for over 5 years, with a keen interest in social media and new malware threats. When not sitting at a café behind her Mac, you’ll usually find her scouring the racks for vintage finds or playing guitar.