Everyone knows that in order to be successful online you have to have visitors and buyers – makes sense right?
In working toward getting this site more visitors and thus more buyers (clients) I’ve studied many of the methods that some of the top Internet Marketing people have promoted. Building a community of readers is one way of getting and keeping visitors.
People like Frank Kern, Jeff Walker and many others promote using Web 2.0 to promote your site. They recommend and use sites like Twitter and Facebook. I’ll admit to having an account on both sites and I try to make some worthy posts on both, however, the security gnome inside me keeps wondering how safe are these sites. Okay, there’s no wondering, I know how safe they aren’t.
I personally know of many people who have been burned by fake emails purporting to be from someone they know, or someone who found them on Facebook, telling them to view a video online or view a document online only to fall victim to this social engineering tactic and become infected. When you see the amount of infected websites that I see everyday, you might be less likely to just click on any website.
For instance, Twitter has a message size limit of 141 characters. Many people will post a link on when they “Tweet” (ugh!). Often times, I’ve seen postings that use tinyurls. This is a service that allows you to place a very long URL into a shortened version that links directly to www.tinyurl.com, which then redirects you to the original link. Any cybercriminal could use this same service (and has) to masquerade their intended infectious website.
You see cybercriminals are extremely intelligent and crafty. They go where the masses go. If everyone’s going to Facebook, cybercriminals will be all over that site trying to find ways to use Facebook’s strengths to exploit the weakest link in any security strategy – human curiosity. I’ve seen emails with wording like, “Unless you really need to (fill-in the blank) , please don’t click on this link as we can only handle a certain amount of traffic.” And I’m sure they get a lot of people clicking on that link just because they want to know what’s on the other side.
I can’t emphasize it enough. You have to be wary of every email you get that looks like it’s from some social networking site. Every email.
While I agree with Frank Kern and Jeff Walker about using Web2.0 tools to promote your site, I also worry about all those unsuspecting Internet Marketing rookies that will undoubtedly fall victim to some scam running on one of those sites.
Back in December 2008, Facebook users were subjected to the Koobface worm. This worm infected many by sending bogus emails to Facebook users taunting them with subject lines like; “Check you out in this video”. When the user clicks on the link in the email, they’re either redirected to a malware delivery site, or told they need to download a file in order to view the video. The file downloaded is the infection.
Many Facebook walls had these same malicious links posted so anyone who visited that persons profile would at least be presented with the infectious offering.
In January of 2009, users of the social networking site LinkedIn were subjected to bogus profiles of some top name celebrities. Names such as: Beyonce Knowles, Victoria Beckham, Christina Ricci, Kirsten Dunst, Salma Hayek and Kate Hudson were among the list of stars with bogus profiles. People clicking on these sites were offered various temptations – each one an infectious present.
Anyone else have any stories about someone falling victim to a social networking, socially engineered attack?
Leave a comment if you have one.