Cybercriminals are using phishing tactics to gather information from social network sites and use it to tap into corporate networks and steal sensitive data. The resulting breaches can lead to breach-of-privacy lawsuits and create the need for Cyber Liability insurance for tech firms and regular businesses alike.
Here are the steps in the process:
- Cybercriminals purchase Facebook user names and passwords on websites at a cost of $75 to $200 per 1000 matching pairs.
- Cybercriminals log in to the accounts and gain access to friends, emails, dates of birth, mothers’ maiden names, home towns, and other vital information from profiles and postings, which they use to start online conversations.
- Messages containing information of interest (based on postings) are sent to friends. Each message includes a link to a website that places a malicious executable file on the recipient’s PC.
- The executable files contain keystroke loggers that capture all user keystrokes, which are emailed on a periodic basis to free Gmail or Hotmail accounts set up by the cybercriminal.
- Eventually, the user logs into the employer’s network through VPN or Citrix and the cybercriminal captures the user name and password.
- The cybercriminal enters the corporate network and probes for weaknesses such as those caused by failure to update security patches.
- A vulnerable server is found and breached, resulting in the compromise of confidential information.
Source: Byron Acohido. “An Invitation to Crime.” usatoday.com. 04 March, 2010.