Socially Engineered Attacks

Do you use the popular social Web site of I’m sure if you don’t, you probably know someone who does. Facebook is one of the best Web sites out there for keeping in touch with friends and family. You can share your interests, pictures, ideas and happenings with everyone you know on the site.

Now, I’m sure if you’ve read any of my other articles, you know I’m not writing this just to tell you how great Facebook is. The reason I’m talking about Facebook is because of a security issue that has popped up.

It seems as if hackers have found a way to get into your computer using Facebook. Now, don’t worry too much, because this isn’t some magic trick they’re pulling. Hackers are using a method called social engineering to pull off the attacks.

Here’s what happens: a hacker either creates a Facebook account or somehow steals someone else’s account. They then post messages on a very popular part of Facebook, called “the wall.” The message looks like it’s from a friend and it has a link to a funny video. If you click on the link, you’re taken to a malicious Web site that infects your computer.

It’s not a very complicated process. If I wanted to, I could make an attack like that happen. What makes this type of attack interesting is that no security software could ever protect you against this. That’s why it’s called social engineering. The only reason why the attack works is because the victim feels safe clicking on a link from a friend on Facebook.

The attack on Facebook is just an example of social engineering. This type of attack could happen anywhere: e-mail, newsgroups, other social Web sites, message boards, etc.

That’s why it’s so important to always be on the lookout for tricks on the Web. Sometimes it takes a computer genius to create a virus, but sometimes it doesn’t. Until next time, stay safe out there, my friends!

~ Gary