Social networking is all about making connections with others, but being too social will come back to haunt you. Case in point – a new spam campaign is using information harvested from profiles on Facebook, Google+ and LinkedIn. The spammers hope that by personalizing their emails with the harvested information they will gain the trust of recipients, making them more likely to click on the included links and allow malware to infect their systems. Many of the messages look like they’ve been sent by friends of the recipients, but include only a link and perhaps a brief message asking them to check it out.
How do spammers get this information? Some of them create accounts and start sending out friend requests. Some even steal people’s profile photos and set up a clone account, pretending to be that person in hopes that their friends will send them friend requests. But mostly, they look for people who have foolishly refused to use the privacy tools given to them and leave their profiles set to public, often with personal info like phone numbers, addresses and email addresses out in the open for anyone to see.
Protecting accounts is as simple as not accepting friend requests from people you don’t know. For Facebook, activate its login notification tool. It will send you an email every time your account is logged into, with important information like location and IP address. Yes, this can be annoying if you log in and out often, but it’s worth the minor inconvenience.