A discussion on Database Administration As A Service™ (remote dba) & other news items that catch my attention

Current Articles | RSS Feed RSS Feed

Nigerian Scammers Infiltrate FaceBook Accounts

Posted by Michael Corey on Mon, Nov 10, 2008 @ 09:35 PM
 | Submit to Digg digg it | Submit to Reddit reddit | Add to delicious delicious | Submit to StumbleUpon StumbleUpon | View blog reactions 

I became acutely aware first hand how important it is to protect oneself online, when my 20 year sons Identity was stolen. It hit home so hard, that I have written a number of blog entrys on it. Ntirety also has launched a practice that specializes in Database Security. Here are some of my past blogs....

You thought you had to worry about your identity being stolen what about that of your PC. Identity theft is a real problem and keeps growing.

On January 30th, 2008, I talked about how my son who is attending college Identity was stolen. Who would have thoguht they would steal the credit identity of a 20 year old. Click here to read the blog entry..

Identity Theft Hits Home - Lessoned Learned 

In that blog I give you many helpful hints on what to do when your credit identity is stolen. It loaded with a lot of useful tips.

On August 14th, 2008, I posted a video of someone using a SQL Injection attack to break into an Oracle Linux database. Seeing how easy it was is quite a shock. Face it there big money is stealing the information stored in an Oracle Database, SQL Server Database and any other database that contains credit card information, etc.

Click here to see the video of a SQL Injection attack..

 SQL Injection Attack Oracle LINUX Database 

 

What is clear to me, that you have to be very careful. The latest blog in on Nigerian Scammers who recently infiltrated Facebook. It comes to me via the 

Sydney Morning Herald

Cyber criminals target Facebook users

Asher Moses
November 10, 2008 - 2:27PM

Facebook has been infiltrated by Nigerian scammers and other cyber criminals who use compromised accounts to con users out of cash.

Now that even non-tech savvy internet users know not to respond to, or click on links in, emails from strangers, online thieves have turned to social networks and are finding it is easier to trick people when posing as their friends.

On Friday, Sydneysider Karina Wells received a Facebook message from one of her friends, Adrian, saying he was stranded in Lagos, Nigeria, and needed her to lend him $500 for a ticket home.

Adrian used relatively good English but, after chatting further, words such as "cell" instead of "mobile phone" tipped Wells off that she was not talking to her friend but someone who had taken over his account.

Using sites such as Facebook allows scammers to research and target victims more effectively and avoid having their messages blocked by spam filters, said Paul Ducklin, head of technology at Sophos Asia Pacific.

It is likely the scammer obtained Adrian's Facebook login details after he was infected with a virus delivered by email or in an infected web page.

There are a number of viruses which, once installed on a computer, send back to the hacker a detailed log of everything entered using the keyboard, including online banking details and passwords for services such as Facebook.

Wells played along with the scammer, who asked her to transfer the money into a Western Union account.

"Naturally I was concerned as, to all intents and purposes, this seemed to be legitimate," she said.

"I pretended that I would help, obtained all the details of where he was and forwarded them to both Facebook and the relevant authorities."

But while the Nigerian scammer used the compromised Facebook account coupled with social engineering tactics to try to convince Wells to hand over money, many are using compromised accounts to spread malware.

Typically, the victim receives a Facebook message from a friend with a subject such as "LOL. You've been catched on hidden cam, yo" or "Nice dancing! Shouldn't you be ashamed?"

The body of the message contains a video clip link that appears to go to a legitimate site such as Facebook or YouTube but, when clicked on, it takes the user to a bogus web page.

Before the users can play the video they are told they need to download a video player upgrade, which is in fact a password-stealing virus.

The next time the victim logs into Facebook the malware-laden message is sent to all of their friends and the infected link is automatically added in comments on friends' pages.

Other less sophisticated attacks on Facebook members use spam emails, some appearing to come from Facebook itself, to spread viruses.

In September security firm WebSense reported on spam emails, purportedly sent from an @facebookmail.com address, that tell the victim they have received an invitation from Facebook to add a friend.

"The spammers included a zip attachment that purports to contain a picture in order to entice the recipient to double-click on it. The attached file is actually a Trojan horse," WebSense said.

To read the Original Article...

Cyber criminals target Facebook Users

Posted Michael Corey,

Founder & CEO, Ntirety

www.ntirety.com

 

 

 

 

Tags: , , ,

COMMENTS

Currently, there are no comments. Be the first to post one!
Post Comment
Name
 *
Email
 *
Website (optional)
Comment
 *

Allowed tags: <a> link, <b> bold, <i> italics

Receive email when someone replies.