Thursday, November 3, 2011

Facebook Users BEWARE



Greetings

Today we will cover how nefarious cyber actors are using Facebook mail to target users and entice them to click on a link. I’m sure a lot of you are well aware of phishing scams that are sent to either your personal or corporate email accounts. The security industry has educated, and continues to educate, users on the importance of not clicking on those types of emails. Now, with the rampant adoption of social networking sites such as Facebook, you also have the ability to receive Facebook mail. One could argue that it’s not traditional email, but that does not matter, as it has been an effective way to distribute malware and phishing attacks. Facebook statistics indicate that it has over 800 million users, and a bad cyber actor can count on a percentage of those users clicking on some form of malware.

According to an article with research provided by BitDefender, almost 97% of Facebook and Twitter users “will blindly click on a link without checking for the presence of malware”. As a security expert, I don’t find that number surprising, as we sometimes get a false sense of security from having end-point and network security devices in the corporate network. However, sometimes that’s not enough, meaning education and awareness are paramount in reducing your risk profile. The following is a real use case of Koobface, which was classified as a computer worm but is also categorized as a botnet. Since social networking is being allowed in a lot of corporate environments, it’s important that you educate your workforce on the examples I’m about to show you.


Be vigilant

I can’t stress enough the importance of being proactive and not clicking on embedded links in Facebook and other online social networking sites. Clicking them increases the risk of compromise not only to critical assets within the corporate infrastructure but also to personally identifiable information on your home computer.

Stay tuned