Latest news
Thousands of businesses and consumers are putting themselves at risk each day by publicly revealing their email addresses on Twitter.Websense monitored Twitter in January and found that users were publicly sharing email addresses connected with their inboxes, social media identities, and bank accounts – leaving them open to advanced social spear phishing attacks.
Social spear phishing attacks see criminals attacking harvested email addresses with information gleaned from monitoring users' Twitter conversations. Websense recommends that businesses update all acceptable use policies to warn employees of this threat.
Researchers found more than 11,000 email addresses were shared worldwide over a 24-hour period.
They also conducted geo-targeted searches and discovered that more than 30 email addresses were shared every hour in London.
Carl Leonard, Websense Security Labs comments: “Twitter users blindly think that email addresses are safe for public consumption. However, by publicly tweeting your email, you’re connecting it with your name, location and information on your social graph. Criminals can exploit this wealth of information by directing waves of highly targeted phishing attacks at individuals or businesses, masquerading as users’ friends or associates to encourage them to click on malicious links.”
“Together this collection of data can also allow criminals to compromise email accounts, paving the way for further malicious activity including accessing bank accounts, harvesting additional passwords and launching major spam campaigns.
“Businesses employing social media to communicate with customers need to consider ways to ensure that employees are protected from these new threats. Employers should re-evaluate acceptable use policies to discourage staff from sharing email addresses on Twitter.”
Gmail, Hotmail and many other free web-based email services are particularly under threat as cyber criminals can harvest social information on individuals via Twitter to break into these accounts. Business leaders, journalists and celebrities were all found to be publicly sharing this data.
Spotlight
Ransomware adds password stealing to its arsenal
Posted on 17 May 2013. | Microsoft researchers are warning about a new variant of the well-known Reveton ransomware doing rounds.
Application vulnerabilities still a top security concern
Posted on 16 May 2013. | Respondents to a new (ISC)2 study identified application vulnerabilities as their top security concern. A significant gap persists between software developers’ priorities and security professionals’ concerns.
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Hacking charge stations for electric cars
Posted on 15 May 2013. | Ofer Shezaf talks about what charge stations really are, why they have to be ‘smart’ and the potential risks created to the grid, to the car and most importantly to its owner’s privacy and safety.
Is Microsoft is reading your Skype communications?
Posted on 15 May 2013. | The question of whether Skype allows U.S. intelligence and law enforcement agencies to access the communications exchanged by its users has still not been adequately answered by Microsoft.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
