Nowadays, many of us receive e-mail invitations to join social networking websites such as Facebook, LinkedIn, or MySpace. These services make it easy for members to send out invitation emails complete with response links, and it is in their best interests to do so – as more friends sign up, these sites register higher visits and page views, potentially leading to increased advertising income.
While only a few well-known social networking sites used to exist, this number has skyrocketed, resulting in many more invitations in your e-mail Inbox. Even if you know the sender and the name of the social network to which you’ve been invited, before you click on an invitation response link, take a second and consider that not all invitation e-mails are what they seem. Some fraudulent “friends” and “social networks” could have drastic consequences for your security and privacy:
1) Make sure the invite link actually goes to the social network website and not somewhere else trying to “phish” for your personal information! It’s better to copy and paste URLs into your web browser instead of clicking invite links, as there are many sneaky tricks to hide the true web addresses in e-mail messages.
Even when you copy and paste URLs into a web browser, before actually visiting the websites, look in the browser’s address bar for any text such as “redirect” or “goto”. These may be signs of someone trying to redirect you to a nefarious website.
For example, imagine getting the following link inside an e-mail message for a hypothetical “Google Social Networking Service”:
http://translate.google.com/translate?u=stopbadware.org&hl=en&ie=UTF-8&sl=es&tl=en
Since the e-mail claims to be from “Google”, and the web address contains “google.com”, this will take you to a page on Google’s website, right? If you visit the above link you will go somewhere else…
This misdirection link was just an example and fairly easy to detect. Real spam e-mails use lots of other tricks for obfuscating (hiding) true web addresses. Instead of copying and pasting links, it may prove even safer to just visit website homepages directly, skipping invitation links, and then asking senders to be re-invited as their friend.
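The address check described in item 1, as an added example that is not part of the original article: a short Python function that splits a link into its visible host and its query parameters, then reports any parameter that carries a different host or has a redirect-style name. The hint words beyond “redirect” and “goto” and the loose host pattern are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# "redirect" and "goto" come from the article; the other names are
# common redirect-style parameter names added here as an assumption.
REDIRECT_HINTS = ("redirect", "goto", "url", "next", "dest", "target")

# Loose heuristic: an optional scheme followed by something shaped like
# "name.tld". It can also match file names such as "photo.jpg".
HOST_RE = re.compile(
    r"^(?:[a-z][a-z0-9+.-]*://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?::\d+)?(?:[/?#]|$)",
    re.I,
)

def embedded_host(value):
    """Return the host a parameter value appears to point at, or None."""
    m = HOST_RE.match(value.strip())
    return m.group(1).lower() if m else None

def inspect_link(link):
    """Report the host shown in the link and any signs of misdirection."""
    parts = urlsplit(link)
    visible = (parts.hostname or "").lower()
    findings = []
    # The article's tip: "redirect" or "goto" visible in the address itself.
    if any(word in parts.path.lower() for word in ("redirect", "goto")):
        findings.append(("path", parts.path, None))
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        host = embedded_host(value)
        hinted = any(h in name.lower() for h in REDIRECT_HINTS)
        if host and host != visible and not host.endswith("." + visible):
            # The value names a different site than the one in the link.
            findings.append((name, value, host))
        elif hinted and value:
            findings.append((name, value, host))
    return {"visible_host": visible, "findings": findings}

if __name__ == "__main__":
    # The sample link from the article.
    sample = ("http://translate.google.com/translate"
              "?u=stopbadware.org&hl=en&ie=UTF-8&sl=es&tl=en")
    report = inspect_link(sample)
    print("Host shown in the link:", report["visible_host"])
    for name, value, host in report["findings"]:
        print(f"  check '{name}={value}' -> points at {host or 'unknown'}")
```

An empty findings list only means these simple checks found nothing; it does not prove a link is safe.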
2) Do you know the person sending the invite? Do you know the name of the social networking site? If you’ve never heard of either, there’s a high probability the site or the member is spamming. Sign up to the site and be placed on the user’s “friend” list and your mailbox may be subjected to all sorts of unsolicited e-mail.
Just as responding to junk e-mail alerts spambots that your e-mail address is active, responding to junk social networking requests does the same thing.
If you do know the friend but not the social networking site, what’s wrong with sending a quick e-mail to your friend and asking them if their invite was legitimate? If it was, no big deal, but if it wasn’t, you might have alerted your friend to a problem they need to fix on their end.
3) Nefarious websites may be breeding grounds for spyware distribution. Visit the website with the wrong browser and/or wrong software installed, and your computer may become infected.
Think your computer, even with antivirus and anti-spyware software installed, cannot be infected? Any of the following software packages may be installed on your system, and the wrong version combined with a 0-day exploit (an attack on a previously-unknown bug that has not been patched) can allow spyware / malware to be installed (this is not an exhaustive list):
Internet Explorer
Macromedia Flash
Mozilla Firefox
Opera
QuickTime for Windows
RealPlayer
Safari
Shockwave
Windows Media Player
… And the list goes on.
4) When you access the social networking website, does it ask questions such as the following during the signup process?
* Social Security Number (a big NO-NO!)
* Name and password to another e-mail account so the site can notify all your contacts to join the social network (or nefarious sites can use your account to send e-mail spam to all your contacts UNDER YOUR NAME!)
* Mother’s Maiden Name (while legitimate networks may ask this for a “Security Question”, I would not provide it. This is one type of information miscreants can use to possibly get more information about yourself or sign up for credit or other offers in your name).
* Credit Card or Bank Account Number (unless it’s a LEGITIMATE SITE, you know it’s not a phishing site, and you’re signing up for subscription/premium services, NEVER, NEVER, NEVER PROVIDE THIS INFORMATION! This can cost you money, time, aggravation, and your credit rating.)
These are just four techniques nefarious social networks and/or members can use to violate your privacy, cost you time and money, and possibly harm your credit rating. While I’m not saying you should never join social networks, just be a little careful when you get invitations. Know who is sending you the invite and the legitimacy of the social network. Confirm the invite and visit the social network’s homepage directly. Plus, never provide too much information when signing up. Follow this advice to help increase your safety on the Internet while having fun joining your friends in social networks.
Copyright 2008 Andrew Malek.
Andrew Malek is the owner of the MalekTips computer and technology help website at http://www.malektips.com . MalekTips offers tips and advice to help keep you safe on the Internet, including how to detect e-mail scams, detect and remove spyware, and adjust web browser security settings.