Justin and I study and work to reduce various forms of deviance and crime on social networking sites, and this recent article on CNN.com prompted me to talk about some of the issues therein.
The main thrust of the story is that cybercriminals are now using Facebook and Twitter to victimize unsuspecting individuals through “phishing” techniques, where targets click on a link and are taken to a site that convinces them to reveal personal information. This parallels the phenomenon of email phishing, where people receive what appears to be legitimate communication from their bank, cable Internet company, or an e-commerce site like eBay asking them to follow a link to fix a time-critical password/account/payment problem by typing in their private data.
The criminal usage of these links (and the convincing content that surrounds them) can be characterized as social engineering, which often involves some amount of emotional pressure to lead an individual to make a quick online decision based on invalid or unvalidated information. Undergirding these schemes is the promotion of urgency – basically saying that if you don’t click on this link and do the needful immediately, you’ll lose online access, or your reputation may be damaged, or you’ll suffer from other serious consequences.
The bottom line is that we need to cautiously evaluate the legitimacy of the sites we visit from links within Facebook and Twitter. First, if you think you might actually have a password/account/payment problem on a site, go to that site directly (i.e., type the URL into your browser’s address bar) rather than clicking on a link to get there. Second, use your browser’s (Firefox, Safari, Internet Explorer, Opera) built-in anti-phishing features to verify the legitimacy of sites that you visit (whether directly linked from a social networking or microblogging site, or accessed another way).
Web 2.0 sites have provided us with many benefits, but are now being exploited to perpetrate identity theft and fraud. Carefully think about what you’re doing – and the validity of the information being presented to you – as you follow links across the WWW from these online environments.