Low-Tech Attacks on The Rise
Phishers are re-working old attacks and coming up with some variations on past attacks as they continue to try to scam social networking site users. This isn't new, but as Symantec points out, the attacks are on the rise.
Zulfikar Ramzan describes a new type of con:
One example is a new "name game" that appears on a popular blogging site. Participants in the game are asked to reveal some tidbits of personal information about themselves (for example, the street they grew up on, or their mother's maiden name). The game then conjures up a new "name" for that person based on his or her attributes. It all seems to be in good fun until you realize that the operators of the "game" have managed to collect some potentially lucrative information about you. This same type of information is often used by legitimate websites to help further authenticate you or to help you change your password if you forgot it.
Social networking sites are in the best position to detect these types of attacks. Attacks are likely automated so there won't be much variation in the text and patterns of exchange back and forth with users. The same kinds of techniques used to filter email phishing could prove useful in the social networking space.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
