Friending everyone is a dangerous thing

Remember how, when we were kids, our parents taught us never to talk to strangers?

Well, we can (and jolly well should) extend that principle to strangers on-line. Read on before uttering wheepling cries about this being one world and how being unfriendly is bad and you’ll see why.

McAfee’s Avert Labs predicts that cybercriminals will increasingly use social engineering techniques to get around antivirus and spam protection on users’ computers. These attacks are getting extremely sophisticated and even the knowledgeable will fall for them.

For example, a crafty spammer sent about 10,000 users (yes, ten thousand, a one with FOUR zeros behind it) of an e-mail that seemed to be from the site’s technical support department with an attachment purporting to be a list of business contacts they had asked for. Of course, the attachment actually was malware in disguise.

The latest issue of the bi-annual McAfee Security Journal outlines four major global trends for spamming.

First, cybercriminals will increasingly leverage personal information on social networking sites to more closely hone their attacks to their targets. This leads to the second trend, which is that the amount of socially engineered spam will skyrocket. Oh, and data breaches will help the cybercriminals.

The latest trend in data security is risk management, which can be equated to, “If I lose that much data, what will it cost me?” Enterprises can then do a calculation of the cost-benefit ratio and figure out whether or not the risk is worthwhile, much as Ford did with the Pinto, that tin can which was a ball of flame waiting to happen.

Then,stock scams will rise. Pump and dump scams will seem like nothing; Avert Labs researchers expect cybercriminals to falsely advertise security vulnerabilities in software or management changes at a public company.. Makes one wonder if the recent, untrue report of Steve Jobs having a heart attack was a scam, doesn’t it?

Lastly, the bad guys will capitalize on users’ desire to protect their PCs by faking security updates. McAfee has seen an increase in malicious software posing as applications from security vendors. Click on them and you’ve just gone on the highway to a very warm place.

How do you protect yourself against these scams? Use your common sense. Make sure your security software is updated, don’t click on e-mail from a stranger (“But I may miss out on a new friend,” you might wail. Yeah, or you might just have escaped a cybercriminal attack, sez I.); be wary of offers that come through e-mails, instant messaging systems or social networks that sound too good to be true; call your bank if you get a message purporting to come from it; and NEVER reply to anyone offering to take you off their mailing list.

Remember my old pal R. Heinlein’s TANSTAAFL principle: There Ain’t No Such Thing As A Free Lunch.

News Around the Web