On the socials, spam is typically used for plain old advertising, click fraud and bot recruitment. The attackers hijack accounts and use their address books to spread spam, worms, or other malware. In my last post, I told you about how my Twitter account was hijacked to spread spam; fortunately, that spam was relatively innocuous, simply meant to recruit more victims whose accounts could be hijacked. However, it could have been intended for more nefarious purposes; I caught it before it got beyond a few spam tweets.
No one on the socials is immune to this, even security wonks like me. The other day, I fired up Skype and was immediately greeted by “Software Update,” who informed me that “WINDOWS REQUIRES IMMEDIATE ATTENTION” and provided me with a link. Of course, it’s bogus, and had I clicked the link, I would probably have been infected with a bot or some other malware.
The same rules that apply to email spam apply to spam posts, comments, tweets, chats, even Skype contact requests. Let me refresh your memory on a few of the important ones:
- Don’t accept unsolicited messages from someone you don’t know.
- Never click on links in unsolicited messages.
- “Hot” girls or guys are NOT looking to meet you – that’s a ploy to get you to click. Don’t!
- Your bank will not notify you by email if there is a problem with your account.
- Neither will your credit card company.