Develop the next killer app and someone will abuse it

Develop the next killer application and it’s almost a 100% certainty that someone will find a way to hack, spam, scam, spoof, or phish your user base.

This is nothing new for most of us who have been in the technology space for more than a decade. We’ve seen the “you are a winner” scam, online dating scams, and the Nigerian scam, in which a fraudster poses as a foreigner who has lucked into millions but needs help keeping the money secure (known as the “419 scam” after the relevant section of the Nigerian penal code); all of these have become well known to most e-mail users. We all know someone, even a seasoned, computer-savvy user, who has fallen prey to the spam and phishing scams hitting email, LinkedIn, Twitter and Facebook.

Most applications like LinkedIn, Twitter and Facebook do not inspect, test, or validate the applications that are developed by third parties. The sheer number of applications that run on these sites makes it near impossible to safeguard against the vermin that seek to use your personal data.

You have to wonder why sites like LinkedIn, Twitter, or Facebook do not do a better job of policing the third party application providers that gain access to your user community or personal content. I would suspect that if these sites did any type of inspection, there would probably be some liability associated with any action they take to validate content being removed from their sites.

In most cases, the legalese does not adequately explain how the content these third party groups acquire will be used; therefore, even if you read the fine print, there is no way of knowing how your personal data is being used.

Take, for example, the address book extractors that a number of social networks use to increase your viewership. If you accept a third party application without studying the fine print, you are potentially opening your contacts to the world.

There are customized address book extractor components, like infoaxe, as well as a number of other ‘applications’ carrying the infoaxe name, which gain access to your address book and, knowingly or unknowingly, propagate contact information to the internet.

The intent of these components was to make it easier to sift through content (news, videos, etc.) that is relevant and interesting to you. Filtering your preferences through your friends adds a bit more credibility to the content you were searching for. The only problem is that the content provider using this component can put your address book data to other uses, unbeknownst to you.

This is hardly surprising given the growing popularity of micro-blogging sites like Twitter; the mushrooming growth of that social networking site has given birth to a number of Twitter scams and a corresponding rise in social networking scams.

Bit.ly, the service Twitter uses to shorten URLs to keep them under the service’s 140-character limit, recently announced partnerships with Verisign, Websense and Sophos that are designed to keep spam and malicious software off the network.

According to researchers at Kaspersky Labs, who have deployed a tool that examines URLs circulating in tweets, as many as one in every 500 web addresses posted on Twitter leads to a site hosting malware.

Blocking every single malicious link from Twitter is likely an impossible task, as these URLs spread quickly in re-tweets, compounding the effect. Kaspersky has scanned about 30 million URLs to date.

The tool extracts URLs from multiple threads in Twitter’s public timeline and currently examines about 500,000 unique URLs a day. The Kaspersky application crawls the sites whose URLs are embedded in the messages and scans their content with Kaspersky’s high-end heuristic engines to detect malware. Of the URLs examined, between 100 and 1,000 a day are found to be hosting malware.

The two most popular URLs that the Kaspersky application found posted to Twitter directed users to online dating sites. One of the sites, getiton.com, is known to have hosted malware in the past, a spokesperson said.

On Facebook, meanwhile, people are seeing a barrage of messages from friends that say “just take a look at this link it and decide for yourself if you want to join [link].” The link takes the unsuspecting person to a site that appears to be hosting malware. The accounts generating these messages are likely compromised, and their owners should change their passwords immediately.

Spamming, scamming, spoofing, malware, and a host of other sins are not limited to LinkedIn, Twitter, and Facebook. Emails from people you know, claiming they can show you how to make money by promoting other people’s products, are on the rise. These sites charge a modest sign-up fee, typically a couple of dollars, but when you pay online, typically with a credit card, you are also signing up for a recurring monthly membership fee of around $40 for ongoing tips or some other associated service.

A recent class action lawsuit filed against Webloylaty.com, a marketing company that partners with over 150 e-commerce clients, claims that the company failed to disclose program enrollment details regarding monthly billing and the transfer of billing information, causing consumers to enroll in programs without full consent, in violation of state and federal law.

Webloylaty.com and its clients deny any wrongdoing and the Court has not decided the merits of these allegations. The parties agreed to settle in exchange for a release of claims arising out of any of the allegations in the lawsuit.

Now, there are many legitimate membership sites that charge recurring monthly fees. What makes these an actionable scam, similar to the lawsuit against Webloylaty.com and its clients, is that the membership explanation is vague, completely hidden, or non-existent, and it is almost impossible to cancel and get your money back. Unfortunately, since Webloylaty.com and its clients settled out of court, we will never know whether their actions set any legal precedent.

With the increase in online ordering, ecommerce, and other online payment sites, no one is immune from phishing or malware. A recent scam that has once again started to proliferate across the Internet involves the IRS and often targets small business owners, who are the most common targets of IRS audits.

Pay Here and get ripped off

A new variation of the refund scheme may be directed toward organizations that distribute funds to other organizations or individuals. In an attempt to seem legitimate, the scam e-mail claims to be sent by, and contains the name and supposed signature of, the Director of the IRS Exempt Organizations area. The e-mail asks recipients to click a link to access a tax refund form; the banking and personal information the recipient enters on that form is then exposed to the scammers.

According to the IRS web site, the IRS does not send out unsolicited e-mails or ask for detailed personal and financial information. Additionally, the IRS never asks people for the PIN numbers, passwords or similar secret access information for their credit card, bank or other financial accounts.

If you receive e-mails requesting personal information that claim to be from the IRS, regardless of how official they look, forward them to phishing@irs.gov. If the IRS sends any official notice, it will be through the US Post Office. The IRS would prefer that consumers validate the origin of any email purporting to be from the IRS to ensure that it is a genuine request.

Phishing scammers’ tactics are improving, says Consumer Reports: phishing e-mails now look more convincing, with better grammar, more believable stories and authentic-looking Web addresses.

Scammers have a number of different tricks for doing this, but they mostly boil down to the same fatal step: getting you to click a link that takes you to what appears to be a sign-on page, where you give them your password.

Last year, members of the American Airlines AAdvantage Program received e-mail purportedly from American Airlines promising $50 for participating in an online survey. But those who took the bait ended up on a fake site that asked for their personal information.

Based on the survey, Consumer Reports projects that problems caused by viruses and spyware resulted in damages and replacement costs of more than $5 billion over the past three years.

Here are some quick tips to help you avoid scams:

  1. Don’t believe any message that says you’ve won something.
  2. Be very careful signing up for work-from-home services, and make sure you know exactly what you’re signing up for.
  3. Never enter your user id and password on a sign-on page reached from a link in an email.
  4. Don’t use birthdays, house numbers, phone numbers, your SS#, or phone extension numbers as a password.
  5. Change your password frequently, and immediately if you think your account may have been compromised.
  6. Check the address bar to ensure you are going to the correct site; the best way is to Google the site name and compare the two URLs.
  7. Be wary about clicking on links, even ones that appear to come from people you know.
  8. Load anti-spam software and keep it up to date. Make sure your Internet security software is up to date so that, if you do click on a bad link, it will alert you if it leads to a malware site.
  9. Run virus scans on a regular basis; if you have to bring any of your services down, keep all of your security measures in place.
  10. Never give away confidential information about yourself in a tweet, email, or unfamiliar website, even if it all seems perfectly innocent.
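Tips 3 and 6, together with the URL-extraction approach Kaspersky applies to tweets, can be turned into a simple check. What follows is an added Python example, not code from the original post, from Kaspersky or from Bit.ly: it pulls links out of constructed sample messages and compares each link’s real host with the site it claims to be, flagging user-info before an ‘@’, bare IP hosts, and lookalike hostnames. The sample messages and hostnames are constructed (RFC 2606 example domains), and the domain handling is a labelled simplification.

```python
import re
from urllib.parse import urlsplit

# Constructed sample messages; none of these are real tweets or e-mails.
SAMPLES = [
    "Check your AAdvantage survey bonus: https://www.example.com/survey",
    "just take a look at this link: http://example.com.login-check.example.net/join",
    "Account notice http://example.com@203.0.113.7/signin",
    "Read the FAQ at https://help.example.com/faq#refunds",
]

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def extract_urls(text):
    """Pull http(s) URLs out of free text, stripping trailing punctuation."""
    return [u.rstrip(".,;:!?)") for u in URL_RE.findall(text)]

def registered_domain(host):
    """Last two labels of a hostname ('help.example.com' -> 'example.com').
    Simplification: no public suffix list, so 'shop.example.co.uk'
    would reduce to 'co.uk'. Good enough to illustrate the comparison."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host

def check_link(url, trusted_domain):
    """Return the reasons a link does NOT belong to trusted_domain.
    An empty list means the link's host really is the expected site."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []
    if parts.username is not None:
        reasons.append("userinfo before '@' hides the real host")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        reasons.append("bare IP address instead of a hostname")
    if registered_domain(host) != trusted_domain:
        if trusted_domain in host:
            reasons.append(f"lookalike: '{trusted_domain}' appears inside '{host}'")
        else:
            reasons.append(f"host '{host}' is not {trusted_domain}")
    return reasons

def scan(messages, trusted_domain):
    """Map every URL found in the messages to its list of findings."""
    return {u: check_link(u, trusted_domain) for m in messages for u in extract_urls(m)}

if __name__ == "__main__":
    for url, reasons in scan(SAMPLES, "example.com").items():
        print(("OK   " if not reasons else "FLAG ") + url)
        for r in reasons:
            print("       - " + r)
```

Only links whose registered domain matches the one you looked up yourself (tip 6) pass; everything else is listed with the reason it was flagged, which is the comparison a person should make before typing a password (tip 3).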