Official-looking emails and socially engineered enticements leveraging our fascination with Facebook, My Space, and Twitter are just too hard for some people to resist. Facebook and My Space scams are notoriously effective at getting people to click on a link which takes them on a one-way trip to the infected website. Heck, who wouldn't want to see a "funny" video of themselves on Facebook! Sign me up! But, sadly, instead of yukking it up over a funny video, you find yourself staring at a fake anti-virus warning that just won't go away! What a buzz kill!
What's an IT service provider to do? Most people are still thinking like it is 2002 (ancient history) when it comes to the transmission of malware. I find that a significant percentage of people still think if they don't open email attachments they're safe! From my perspective, there are two things we professionals must continue to do (over and over and over):
- Educate, educate, educate... teach users how malware is transmitted and how to avoid falling prey to a well-crafted, socially engineered, correctly spelled ruse which takes full advantage of a raging Facebook (My Space, Twitter, ...) addiction.
- Install security software that provides some form of website reputation screening or scanning.
Man, it's a constant battle out here!