Page 324 - Introduction to Electronic Commerce and Social Commerce
10.4 Nontechnical Methods: From Phishing to Spam and Fraud
current popular scams, categories of spam, originating countries, volume, and much more.

Spyware

Spyware is tracking software that is installed by criminals, without the user’s consent, in order to gather information about the user and direct it to advertisers or other third parties. Once installed the spyware program tracks and records the user’s movements on the Internet. Spyware may contain malicious code redirecting Web browser activity. Spyware can also slow surfing speeds and damage a program’s functionality. Spyware usually is installed when you download freeware or shareware. For news and a video titled “Ethiopian Government Spying on U.S.-Based Journalists” (2:23 min) of how some regimes use spyware against journalists, see Timberg (2014).

Social Networking Makes Social Engineering Easy

Social networking sites are a vulnerable and fertile area for hackers and con artists to gain a user’s trust, according to a study by Danish-owned IT security company CSIS.

How Hackers Are Attacking Social Networks

Hackers are exploiting the trusted environment of social networks that contain personal information (especially Facebook) to launch different social engineering attacks. Unfortunately, many social network sites have poor track records for security controls. There is a growing trend to use social networking sites as platforms for stealing users’ personal data.

Examples

Here are some examples of security problems in social networking:

• Users may unknowingly insert malicious code into their profile page, or even their list of friends.
• Most anti-spam solutions cannot differentiate between real and criminal requests to connect to a network. This enables criminals to obtain personal information about the members in a network.
• Facebook and other popular social networking sites offer free, useful, attractive applications. These applications may have been built by developers who used weak security.
• Scammers may create a fake profile and use it in a phishing scam.

Spam in Social Networks and in the Web 2.0 Environment

Social networks attract spammers due to the large number of potential recipients and the less secure Internet and social network platforms. Spammers like to attack Facebook in particular. Another problem area is blog spam.

Automated Blog Spam

Bloggers are spammed by automatically generated commercials (some real and some fake) for items ranging from herbal Viagra to gambling vendors. Blog writers can use tools to ensure that a human, and not an automated system, posts comments on their blogs.

Search Engine Spam and Splogs

Search engine spam is technology that enables the creation of pages called spam sites that trick search engines into offering biased search results so that the ranking of certain pages is inflated. A similar tactic involves the use of splogs (short for spam blog sites), which are blogs created by spammers solely for advertising. The spammer creates many splogs and links them to the sites of those that pay him (her) to increase certain page ranking. As you may recall from Chapter 9, companies are looking for search engine optimization (SEO), which is conducted unethically by the above techniques.

Examples

Some examples of spam attacks in social networks (social spam) are:

• Instant messaging in social networks is frequently vulnerable to spam attacks.
• Cluley (2014) describes how Twitter users are attacked by phishing attacks and spammers.

Data Breach (Leak)

A data breach (also known as data leak or data loss) is a security incident in which data are obtained illegally and then published or processed. There are many purposes for data breaches. For instance, one person in the U.S. military used a USB to download classified information and then posted the stolen information on the Internet. For drivers of data breaches and how to protect yourself, see Goldman (2014a). For the most frightening data breaches, see TechRepublic Staff (2015).

The discussion so far has concentrated on attacks. Defense mechanisms, including those related to spam and other cybercrimes, are provided in Section 10.6. First, let us examine what is involved in assuring information security.