Facebook VIP spam sent via YouTube

Most readers of this blog should be familiar by now with the increasing trend for spammers, phishers and malware authors to take advantage of social networks to distribute their attacks and money-making schemes.

Indeed, one of the key findings of Sophos’s latest Security Threat Report was that reports of social networking spam and malware attacks have risen an astonishing 70% in the last year.

But it’s not just the likes of Facebook, MySpace and Twitter that are having their systems abused by criminal gangs in this way.

For instance, take a look at this message that was sent to the SophosLabs account on YouTube a week or so ago:

[Image: YouTube spam]

The message reads:

Hello SophosLabs , a friend of yours told me you like facebook quite alot and i thought you would want to check out the new Facebook VIP area. You get plenty of free stuff, for doing nothing and for every survey you participate in you get £20 or $35. And you also get free tickets to venues of your choice, no questions asked.

Facebook and Youtube are doing a partnership, so along with this offer you get premium access to Youtube areas, for example you will be able to watch official youtube videos up to a week before they are published, not only that, you will get unlimited mailbox usage along with free gifts from youtube.

The link given in the email has now been taken down, because it broke the terms of service of the website it was hosted on, but it was clearly designed to trick users into handing over personal information in the hope that they would be given access to a special “Facebook VIP” area.

Hopefully most of us who work day-to-day in IT security would feel our sixth sense sounding the alarm as soon as we received a message like this, but can you be sure that all of your users would be so sceptical? Or would some of them blindly click on the link – and potentially put themselves and your company at risk – in their hunger for special privileges on Facebook?

The email is far from professionally presented, but that’s no guarantee that someone in your organisation wouldn’t be tempted to take a survey in the hope that they might receive free tickets, premium access and a monetary gift.