arranged in the same manner that other reputable news sites are arranged in also gives it an air of legitimacy.

To create the appearance of a reputable site, this particular campaign included a slew of supposed reader comments at the end of the article. Some sang the praises of the work-from-home system, while others offered slightly skeptical views, undoubtedly to keep up the image of legitimacy. However, a look at the source code shows that these comments were written directly into the page, and that the avatars were stolen from the comment sections of various reputable Web sites, including the New York Times.

Another feature that adds to the appearance of legitimacy is the use of geolocation to customize the story and site so that they appear to be local, making them more appealing to the reader. The article in this example discusses the success of a woman named Mary Steadman, who just happens to be from the same town as the reader (thank you, geolocation). This is seen several times throughout the story, including in the title of the publication, which is the [insert your state name here] Catholic Business Edition. The story goes on to tell you how Mary “gets rich quick” using Easy Google Profit to post links on various Web sites, which most likely will aid the scammer later through Search Engine Optimization (SEO).

Although shortened URLs were made popular by Twitter's 140-character limit, spammers have taken advantage of this simple technique to pose more dangers to the unsuspecting. One danger associated with URL shortening is that users cannot see the actual URL they are about to visit: they click on an unknown link, which may lead to a malware download, phishing sites or other spam-related material.

Since the proliferation of Twitter, where shortened links are commonplace, caution seems to have gone by the wayside, and oftentimes even the savviest users are too trusting and click on shortened URLs without hesitation. Scammers capitalize on this fact, leading us to the second danger of shortened URLs: bypassing spam filters.

By shortening the URLs, scammers can bypass spam filters because the actual domain is not sent via e-mail; the message carries only the shortening service's domain. As a result, the malicious link is more likely to evade some filters. Currently, there are high volumes of spam utilizing many different URL shortening services.

Finally, it is worth noting that shortening services are typically free and neither check the link nor use any CAPTCHA technology to prevent abuse. Such ease of access allows cybercriminals to conveniently use automation built by spammers, thereby allowing them to abuse the service with efficiency.

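The filter bypass described above, seen from the filter's side: the sketch below is an added example, not code from the article, comparing a filter that only sees the domains written in the message with one that expands short links and scores the landing domain. The shortener hosts, blocklist and redirect table are constructed sample data; a real filter would obtain each hop from the shortener's HTTP redirect response instead of a lookup table.

```python
import re
from urllib.parse import urlsplit

# Constructed sample data (assumptions, not real services or indicators).
SHORTENERS = {"short.example", "tiny.example"}
BLOCKLIST = {"pills.bad.example"}
REDIRECTS = {  # stands in for the redirect target each short link returns
    "http://short.example/a1": "http://tiny.example/zz",
    "http://tiny.example/zz": "http://pills.bad.example/offer",
    "http://short.example/ok": "http://news.example/story",
    "http://short.example/loop": "http://tiny.example/loop",
    "http://tiny.example/loop": "http://short.example/loop",
}
URL_RE = re.compile(r"https?://[^\s<>\"']+")
MAX_HOPS = 5

def host(url):
    return (urlsplit(url).hostname or "").lower()

def urls(body):
    # Strip punctuation that commonly trails a URL in running text.
    return [u.rstrip(".,)") for u in URL_RE.findall(body)]

def naive_verdict(body):
    """Filter that only checks domains literally present in the message."""
    return "spam" if any(host(u) in BLOCKLIST for u in urls(body)) else "clean"

def expand(url, resolve=REDIRECTS.get):
    """Follow shortener hops; return (final_url, ok). ok is False on a loop,
    too many hops, or a short link that does not resolve."""
    seen = set()
    while host(url) in SHORTENERS:
        if url in seen or len(seen) >= MAX_HOPS:
            return url, False
        seen.add(url)
        nxt = resolve(url)
        if nxt is None:
            return url, False
        url = nxt
    return url, True

def expanding_verdict(body):
    """Filter that scores the landing domain, not the shortener's domain."""
    for u in urls(body):
        final, ok = expand(u)
        if not ok:
            return "suspicious"  # destination unknown: do not vouch for it
        if host(final) in BLOCKLIST:
            return "spam"
    return "clean"
```
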
Twitter<br />
In this final section, we will delve further into the topic of Twitter security as the craze surrounding this micro-blogging site continues to grow. 140-character “tweets” provide a unique way to share information and an innovative way for spammers, scammers and hackers to once again trick the unsuspecting user.

Recently, Twitter has faced scrutiny for lack of security, mostly surrounding password security. Not too long ago, a hacker made his way into a Twitter employee's Yahoo account by guessing the answer to the user's security question, and shortly before that, another Twitter employee's administrator account password was hacked because he used the simple dictionary word “happiness.” This was followed by blog posts about the conquest, along with screenshots, showing that the hacker gained administrator access to such celebrity accounts as Aplusk (aka Ashton Kutcher), Barack Obama, Britney Spears, et al. All of this led to a media lashing about Twitter's inability, or lack of
www.insecuremag.com 36