Ask The Cableman

Cable questions Answered
Home      News & Events      News & Events 2
Print this pageAdd to Favorite

Facebook, Twitter crooks just a click away

By Stephanie Chen, CNN

Social-networking sites are a new target of online identity thieves.
Social-networking sites are a new target of online identity thieves.
  • The FBI reports nearly 3,200 account hijacking cases since 2006
  • Online scam losses amounting to $264.6 million reported in 2008
  • Facebook has automated systems that detect compromised accounts
  • creates blacklists of phony accounts

(CNN) -- If you're on Facebook, Twitter or any other social networking site, you could be the next victim.

Experts say cybercrooks are lurking just a mouse click away on popular social networking sites.

That's because more cyberthieves are targeting increasingly popular social networking sites that provide a gold mine of personal information, according to the FBI. Since 2006, nearly 3,200 account hijacking cases have been reported to the Internet Crime Complaint Center, a partnership between the FBI, the National White Collar Crime Center and the Bureau of Justice Assistance.

It starts with a friend updating his or her status or sending you a message with an innocent link or video. Maybe your friend is in distress abroad and needs some help.

All you have to do is click.

When the message or link is opened, social network users are lured to fake Web sites that trick them into divulging personal details and passwords. The process, known as a phishing attack or malware, can infiltrate users' accounts without their consent.

Once the account is compromised, the thieves can infiltrate the list of friends or contacts and repeat the attack on subsequent victims. Social networking sites show there is ample opportunity to find more victims; the average Facebook user has 120 friends on the site.

"Security is a constant arms race," said Simon Axten, an associate for privacy and public policy at Facebook. "Malicious actors are constantly attacking the site, and what you see is actually a very small percentage of what's attempted."

Social Media Crimes

As some social networking sites experience monstrous growth, they are becoming a new -- and extremely lucrative -- frontier for cybercrime. Facebook says it has 300 million users, nearly the size of the U.S. population, and it continues to attract users outside the college student niche. From February 2008 to February 2009, Twitter, a micro-blogging site where users post 140-character messages known as tweets, grew 1,382 percent to more than 7 million users.

"They [cybercriminals] are very adept to using social engineering," said Donald DeBold, director of threat research for CA, an Internet security company. "Your friend is in trouble traveling in another country, 'I lost my wallet. I need help.' They exploit the curiosity aspect out of human nature."

A few decades ago, malicious software and viruses were usually the result of a prank, but Internet security experts say today's attacks are profit-driven. A study from the Indiana University in 2005 discovered that phishing attacks on social networks operated with a 70 percent success rate. These users had fallen for the scam, opened the foreign link and released personal information.

Cybercriminals are employing phishing and malware attacks for a number of reasons, including trying to redirect users to sites where profit is fueled by the number of visitors. They also try to elicit private information like passwords and bank account numbers to perform scams.

Early this year,Twitter experienced several phishing attacks in which a Web page that looked identical to the widely recognized light blue Twitter page was a hoax. The company warned users to double-check the URL to ensure they were visiting the correct site.

The Internet Crime Complaint Center received more than 72,000 complaints about Internet fraud in 2008 that were referred to law enforcement agencies for further investigation. These cases involved financial losses amounting to $264.6 million, an increase from 2007. Each person lost an average of $931.

"Most of us would want to help a friend in need, but if it's an online friend, and they want you to wire money, you should double-check," FBI spokesman Jason Pack said.

Security experts said it makes sense that cybercriminals are turning to social networking sites. Personal information is abundant on sites like Facebook and MySpace. Each time users give out valuable information like birth dates or addresses, they could be providing hints about their password, security experts say.

The American Civil Liberties Union has expressed concern about the information visible through Facebook quizzes and applications.

"They'll have access to all that information, so they can sell it, they can share it, they can do an awful lot with it," Chris Calabrese, legislative counsel for privacy-related issues with the ACLU, told in September.

Many Internet security experts consider the first virus attack on the PC to have occurred in 1986. By the early 1990s, viruses transmitted on floppy disks became ubiquitous. When the World Wide Web became widely available that same decade, viruses, worms and malware became problems in e-mail accounts, frustrating users who clicked on messages thought to be legitimate.

In the new millennium, the most common form of malware attack has become known as drive-by downloads. While surfing on Google or Yahoo, spyware or a computer virus is automatically and invisibly downloaded on a computer, requiring no user interaction for the computer to be infected.

"We are on the verge from shifting from the Web being the No. 1 victim of infecting to social network," said Mikko H. Hypponen, chief of research technology at F-Secure Corp. His company sells anti-virus software and malware protection programs. "It's going to get a lot worse before it gets better."

Social networks are fighting the aggressive attacks fromcybercriminals. Most sites have information pages dedicated to educating users about the risks of Internet scams. Users can become a fan of "Facebook Security" and receive updates on how to protect their accounts. One of the most common pieces of advice given by security experts is to change passwords frequently.

Facebook has also developed complex automated systems that detect compromised accounts. They spot and freeze accounts that are sending an unusually high number of messages to their friends. Company security officials said Facebook is a closed system, which can be helpful in erasing phony messages from all accounts.

At News Corporation's, the company creates blacklists of phony accounts to prevent people from clicking on a faulty link. Hemanshu Nigam, first chief security officer for MySpace, said the firm warns about suspicious links and educates users about the harm phishing and malware attacks can bring. "We are prepared for them," he said.


Cable TV prices are on the rise, but consumers complain there still isn't enough flexibility in the programming packages offered by cable providers.

That could change if the Federal Communications Commission and TV distributors Cablevision and AT&T have their way. Last week, FCC chairman Kevin Martin told a forum sponsored by the U.S. Senate Commerce Committee, which has been examining indecency on radio and television, that consumers could have more choice in what they view for cheaper prices if operators would sell content a la carte.

According to a new report from the FCC that has yet to be made public, a la carte pricing could actually reduce monthly cable bills for many consumers while also providing more control over what channels they watch at home.

News of the FCC report comes just as many large cable operators across the country announced that they are raising rates again for their service. Starting in January 2006, Comcast will bump up the price of its most popular cable package by 6 percent. Time Warner, the nation's second-largest cable operator, plans to raise its rates an average of 3 percent for its expanded package and 2 percent for its limited basic. And Cablevision will raise rates an average of 2 percent.

What's more, consumers--especially those with children--are becoming increasingly agitated by the amount of violence and sexual content that comes into their homes on channels they'd rather not receive as part of their subscription package.

"At the FCC, we used to receive indecency complaints by the hundreds," said Martin in front of the Senate committee. "Now they come in by the hundreds of thousands. Clearly, consumers--and particularly parents--are concerned and increasingly frustrated."

But content providers and most of the cable industry say that offering programming piecemeal will result in even higher prices and less choice for consumers. They argue that such a pricing structure would infuse enormous technical, marketing and transaction costs into the business. They claim that an a la carte model would require consumers to lease a separate set-top box for each TV.

They also claim that an a la carte pricing model would increase overall subscription rates and reduce diversity of programming, because many of the niche or special-interest channels today are bundled with more popular channels. If these less-popular channels are sold independently, they will become too expensive to offer. And if these channels go away, advertisers have fewer places to show their commercials. The losses in advertising would have to be offset by consumers paying more for their favorite channels.

"We can't comment on any new FCC a la carte report until it's released and we've had a chance to review it," said Kyle McSlarrow, president and CEO of the National Cable & Telecommunications Association (NCTA). "But previous and recent analyses were consistent in their findings that government pay-per-channel regulation would be likely to hurt consumers by increasing prices, decreasing choice and reducing diversity in programming, and it would do so in a way that violates the First Amendment."

The bundle quandary
The way the cable packages are set up today, families who may want basic cable for channels such as Nickelodeon and the Cartoon Network are also forced to subscribe to channels such as MTV or Fox's FX, which often show programs that may be inappropriate for children.

Martin, as well as several consumer groups, say it's time that consumers have more choice in which channels they subscribe to. They believe this will not only help control costs, but it also would allow consumers to subscribe only to content they want to watch.

"People are not satisfied with what cable companies are offering them today," Kenneth DeGraff, a policy advocate at Consumers Union, the publisher of Consumer Reports. "Families are being told they have to subsidize content they find offensive. And the cable companies keep raising rates. They may throw in a few more channels, but no one ever asks consumers which channels they want."

The idea of allowing consumers to pick and choose which channels they want to subscribe to is nothing new. Cablevision, a cable operator in the Northeast, has been advocating the change for years. And just this week, the firm reiterated its support of the a la carte option for customers.

"We do not believe in the long term that selling programming a la carte will be detrimental to either programmers or cable operators," Charles F. Dolan, chairman of Cablevision's board of directors, said in a statement. "On the contrary, our experience indicates a la carte will result in a more affordable service for all with more programming options."

AT&T, formerly SBC Communications, has also thrown its support behind the a la carte option. The company is currently upgrading its broadband network and deploying more fiber optics to be able to offer a paid TV service.

Get Identity Theft Protection Today!