
Phish-Hooked

Mining profiles for sensitive information is relatively simple, said Paul A. Henry, vice president of strategic accounts for Secure Computing Corp. Fraudsters can download software that scans millions of profiles looking for key pieces of information, such as addresses, birthdates and friends' names, which makes it easier for them to "tap into your network of trust."

Dan Hubbard, vice president of security and research for Websense Inc., a San Diego company that recently found a site mimicking MySpace, said interactive sites easily allow spear-phishers to send messages containing malicious code that infects the computer with a virus, which then tracks every user name and password entered on other legitimate sites.

Teenagers and young adults, who make up the bulk of visitors to networking sites, are seen as easy targets because they are typically more trusting and less security-savvy, Huger said.

"Then parents use the same computer for their banking," he said. "It could be months before they realize their bank accounts have been hacked."

Users of Google's Orkut may still be unaware they were infected by the worm that spread through the network, said Frank Cabri of FaceTime Security Labs, which discovered the scam June 19.

Although attacks on social networking sites are still far fewer than those that travel through instant messenger programs and e-mail, the sites have beefed up their security and warn users to check the Web address before entering their log-in information.

"We have told [users] that we will never ask for your user name and password in an e-mail," Facebook spokeswoman Melanie Deitch said. "We let people know the spam is not from us."

Earlier this year, MySpace hired someone to oversee the site's security operations.

Cabri said he expects the number of attacks to increase as more social sites incorporate instant messaging, a draw for Internet thieves.

"I don't think we're going to see this slow down," he said. "It will accelerate."



© 2006 The Washington Post Company