Social Networking Security Threats

Twitter, LinkedIn and Google Plus

Twitter: Beware of shortened URLs

Twitter is a valuable source of real-time information. During the devastating Japanese earthquake and tsunami in March, Twitter users shared information and helped raise funds. Unfortunately, as often happens, scammers tried to channel that goodwill for their own gain. In one Japanese tsunami charity scam, a Twitter scam impersonating the British Red Cross asked tweeters to send money via MoneyBookers to a Yahoo email address. In another scam, emails resembling Twitter notifications included dangerous links disguised as a tsunami video. If you clicked on this link, malicious JavaScript could infect your computer.

Twitter users often shorten URLs via and other services to keep tweets within their 140-character limit. Hackers can also create shortened URLs to easily redirect you to malicious sites, since the shortened URL itself gives you no indication of the destination site's name. Although most shortened URLs are legitimate, if a link brings you to another page that asks for a Twitter or Facebook password, leave immediately.
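The check described above can be automated. The following is an added example, not part of the original article: it follows a short link's redirects one hop at a time and flags a landing page that asks for a password on a host other than Twitter or Facebook. The function names, the trusted-host list and the sample responses (all on placeholder .example hosts) are assumptions made for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption for this example: only these sites may ask for the password.
TRUSTED_LOGIN_HOSTS = {"twitter.com", "facebook.com"}
MAX_HOPS = 5

class PasswordFieldFinder(HTMLParser):  # flags <input type="password">
    found = False
    def handle_starttag(self, tag, attrs):
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.found = True

def is_trusted(host):
    # Exact match or true subdomain only, so lookalike prefixes do not pass.
    host = (host or "").lower()
    return any(host == h or host.endswith("." + h) for h in TRUSTED_LOGIN_HOSTS)

def expand(url, fetch):
    """Follow redirects one hop at a time; fetch(url) -> (status, headers, body)."""
    chain = [url]
    for _ in range(MAX_HOPS):
        status, headers, body = fetch(chain[-1])
        location = headers.get("Location")
        if status not in (301, 302, 303, 307, 308) or not location:
            return chain, body
        target = urljoin(chain[-1], location)  # Location may be relative
        if target in chain:
            raise ValueError("redirect loop")
        chain.append(target)
    raise ValueError("too many redirects")

def assess(url, fetch):
    chain, body = expand(url, fetch)
    finder = PasswordFieldFinder()
    finder.feed(body)
    return {"final_url": chain[-1], "hops": len(chain) - 1,
            "asks_for_password": finder.found,
            "leave_immediately": finder.found and not is_trusted(urlsplit(chain[-1]).hostname)}

# Constructed responses standing in for the network (hosts are placeholders).
SAMPLE = {
    "http://short.example/a1": (301, {"Location": "http://twitter.com.login.example/session"}, ""),
    "http://twitter.com.login.example/session": (200, {}, '<form><input type="PASSWORD" name="p"></form>'),
    "http://short.example/b2": (302, {"Location": "https://twitter.com/login"}, ""),
    "https://twitter.com/login": (200, {}, '<form><input type="password"></form>'),
    "http://short.example/c3": (301, {"Location": "/news"}, ""),
    "http://short.example/news": (200, {}, "<p>article</p>"),
}
sample_fetch = SAMPLE.__getitem__  # stand-in for a real HTTP client
```

With a real HTTP client in place of sample_fetch, redirects must be followed manually (automatic redirect handling turned off) so that every hop is recorded.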

Similar to Facebook scams, Twitter messages promise such curiosities as the “Banned Lady Gaga Video,” which takes users to a fake YouTube page. If you click the play button, a window pops up and seeks permission to access your Twitter account. If you grant access, you allow third parties to post messages in your name. Another recent scam, “TimeSpentHere,” promises to tell you how many hours you’ve spent on Twitter. Since it appears to come from a Twitter friend, you may think about clicking on it. But this rogue application actually wants your email address, which could be used later for a phishing campaign or spam.

LinkedIn: Threats remain low

Although cybercriminals more frequently target users of Facebook and Twitter, the business networking site LinkedIn is also a target.

The biggest threat with LinkedIn is data-mining. Cybercriminals take information about companies and whom they employ, and then use that information to launch spear phishing attacks. Corporate directories also exist online, providing a wealth of information for spear phishers.

Malicious LinkedIn invitation reminders pose another threat. Links in these messages can redirect you to a webpage that installs a variant of the Zbot malware (also known as Zeus) onto your computer. If you click, remote hackers can then compromise your computer and potentially steal your confidential data.

Google Plus: Early users demand privacy

Google Plus, a recently launched social network that aims to compete head-to-head with Facebook, is learning the ropes as far as privacy is concerned. Google currently restricts the social network to a "limited field trial" so they can gather feedback, patch bugs and identify privacy holes before making the site available to a mass audience. Privacy experts say that Google Plus is designed to let people have better control over privacy with respect to sharing with family, co-workers and friends.

In response to initial user feedback, Google Plus recently changed its privacy options around gender, so that users do not have to reveal their gender online.
