USA Today ran an interesting story about how cybercriminals are using social media in greater numbers to attack users. What started as a trickle last year has quickly sprung to an open fire hydrant, as criminals turn to low-paid grunts to crack captchas.According to the USA Today:
To carry out many of these automated attacks, cybercriminals first must overcome "captchas," the distorted letters and characters that users of an e-mail or social-networking account are required to type to complete certain online forms. For years, captchas have helped to stop or bog down automated programs aimed at creating, among other things, e-mail accounts that promote scams such as fake computer virus protection and bogus accounts on social websites that can be used to collect personal information on legitimate users.
Now, security specialists say, a growing number of captcha-breaking groups are using real people to type in captcha responses for cybergangs around the world. This is allowing the gangs to create fake e-mail and social-network accounts by the tens of thousands - and use them as the starting point for a variety of cyberscams spread by e-mail and instant messages.
This USA Today story is an interesting story, and worth your read.
My real concern isn't the obvious evolution of phishing attacks taking place here, or the fact that thieves are predictably working circumvent a security control. No. It's the heightened risk of highly targeted attacks that all social network media makes possible.
In the coming months and year ahead - figuring out ways to vet online social network profiles is going to become crucial. Is that person trying to connect with you on Facebook really a long-lost friend from high school, or someone who knows something about your life's history - and is using that information against you?