5 Facebook, Twitter Scams to Avoid

According to research recently conducted by security firm Webroot, approximately three in ten social network users have experienced some form of a security attack, such as a virus infection or a phishing scam, on a social network in the last year. As the popularity of these social networks explodes, and more organizations ease restrictions among employees (See: ), they become more attractive for criminals seeking access to private information that can be used for profit. CSO asked two social network security experts for some of the latest scams found on Facebook and Twitter, and how to recognize and avoid them (For more tips to stay safe see: Seven Deadly Sins of Social Networking).

Secret details about Michael Jackson's death! Celebrity news will always be used in criminal ploys because scammers know that many people love gossip. The recent death of Michael Jackson is already spawning bad emails that contain malware in their attachments, according to several security firms, including Sophos. Graham Cluley, senior technology consultant with Sophos, predicted immediately following Jackson's death that cyber criminals would soon start to take advantage of the news to pull off scams.

Typically, malicious Facebook and Twitter messages relating to celebrity news contain links that claim to have "secret" information. In the case of Jackson, Cluley said he has heard some of the lures include promises of songs by the King of Pop that have never been heard before or new details and pictures of Jackson's death. However, the link to the information then typically prompts the user to download an update of Adobe Flash. Of course, instead of an update, users end up with a bot Trojan or other piece of malware installed secretly on their computer.

"Perhaps one of the most famous of these is Koobface," said Cluley. "There have been many iterations of that designed to steal information from your computer. Once they have compromised your computer, they can use it to send spam, install spyware, steal your identity, or launch denial of service attack."

The Jackson death is only one example, said Cluley. Past celebrity scams that have used this ploy included one that had the headline "Paris Hilton tosses dwarf on street."

I'm trapped in Paris! Please send money. CSO reported details of this scam, often called a 419 scheme, several months ago (See: 9 Dirty Tricks: Social Engineers' Favorite Pick-Up Lines). But it continues to make the rounds on Facebook, according to Cluley, and fools unsuspecting users.

It goes like this: You are on Facebook, when a "friend" uses the Facebook chat feature to send you an instant message. Sometimes it might be a message in your inbox. Either way, the "friend" informs you that they are trapped in some foreign country and have been robbed or have lost their wallet through some other unfortunate incident. They need you to wire money quickly to help them get home. However, on the other end is a person posing as your "friend" that has hacked into your actual friend's account.