Social networks providing fertile ground for targeted attacks

Social networking users are making themselves easy prey for targeted attacks, according to security firm Trusteer.

The company's recent study of LinkedIn showed that users are more likely to fall for malicious links and phishing sites within messages disguised as social networking notifications.

The study found that 68 of 100 LinkedIn users sampled in the study followed a specially crafted link embedded in a fake notification email sent by the researchers.

Trusteer chief executive Mickey Boodaei told V3.co.uk that the findings underscored just how effective social engineering attacks such as fake notifications can be on even experienced users.

"The results were pretty surprising. We picked a group of people that we believe are fairly educated about security, people who understand how to be safe on the internet," he said.

Social networking sites have been singled out as vectors for targeted attacks owing to the amount of personal information that can be gleaned from user profiles and postings.

Boodaei suggested that social networks can also be attractive to attackers because users are not as wary about possible malware and phishing attacks that pose as alerts.

He explained that while users have grown vigilant about phishing scams portraying banks and financial institutions, social networking notifications are largely trusted.

Additionally, Boodaei noted that because users often list their company name and position on their profiles, the sites can be perfect points of entry for attacks on enterprise networks.

"The effort that enterprises have put in place were all around their servers and the perimeter, but now what we are seeing is the criminals coming from the back end, from the employee computers," said Boodaei.

"We strongly believe that this attack pattern, because it is very easy and successful, is going to be the number one threat that enterprises are going to see in the next couple of years."