This is from a Press Release from the FBI today
No, Your Social Networking “Friend” Isn’t Really in Trouble Overseas
According to the Internet Crime Complaint Center (IC3), there has been an increase in the number of hijacked social networking accounts reported to http://www.ic3.gov.
One of the more popular scams involves online criminals planting malicious software and code onto to victim computers. It starts by someone opening a spam e-mail, sometimes from another hijacked friend’s account.
When opened, the spam allows the cyber intruders to steal passwords for any account on the computer, including social networking sites. The thieves then change the user’s passwords and eventually send out distress messages claiming they are in some sort of legal or medical peril and requesting money from their social networking contacts.
So far, nearly 3,200 cases of account hijackings have been reported to the IC3 since 2006.
Cyber thieves are also using spam to promote phishing sites, claiming a violation of the terms of service agreement or creating some other issue which needs to be resolved. Other spam entices users to download an application or view a video. Some of these messages appear to be sent from friends, giving the perception of legitimacy. Once the user responds to a phishing site, downloads an application, or clicks on a video link, the electronic device they’re using becomes infected.
Some applications advertised on social networking sites appear legitimate but install malicious code or rogue anti-virus software. These empty applications can give cyber criminals access to your profile and personal information. These programs will automatically send messages to your contacts, instructing them to download the new application too.
Infected users are often unknowingly spreading malware by having links to infected websites posted on their webpage without the user’s knowledge. Since the e-mail or video link appear to be endorsed by a friend, social networking contacts are more likely to click on these links.
Although social networking sites are generally a safe place to interact with friends and acquaintances, keep in mind these suggestions to protect yourself while navigating the Internet:
Adjust website privacy settings. Some networking sites have provided useful options to assist in adjusting settings to help protect your identity.
Be selective when adding friends. Once added, contacts can access any information marked as viewable by all friends.
Limit access to your profile to only those contacts you trust with your personal information.
Disable options, such as photo sharing, that you might not regularly use. You can always enable these options later.
Be careful what you click on. Just because someone posts a link or video to their wall does not mean it is safe.
Familiarize yourself with the security and privacy settings and learn how to report a compromised account.
Each social networking site may have different procedures on how to handle a hijacked or infected account; therefore, you may want to reference their help or FAQ page for instructions.
If your account has been hijacked or infected, report it to by visiting www.ic3.gov or www.lookstoogoodtobetrue.com.
The Internet Crime Complaint Center is a partnership between the FBI and National White Collar Crime Center (NW3C).