by Xuan Bach & An Vu
Social networking sites such as Facebook and web-based email services such as Gmail are not as safe and secure as they seem to Internet addicts.
SecurityDaily, a Vietnamese network security company, announced on October 15 that hackers were exploiting a huge gap that enabled them to steal the accounts of hundreds of Facebook users.
The company makes use of the services of three white hats, or computer hackers who work to improve security for Internet users. The white hats are Le Duc Anh, SecurityDaily research division head, Le Minh Tuan, and Tong Van Toan.
These white hats claim to have discovered static html:iframe tabs, an application that an unknown third party developed and introduced on Facebook. This application reportedly creates malicious links that enable hackers to defraud Facebook users and steal their accounts, as well as lead them to malicious websites.
Such a thing did happen on the morning of September 5, when several Facebook users received messages on their wall, supposedly from friends, about "how to draw artistic photos at http://me.zing.vn/zb/".
Nguyen Thu Minh recalls what happened that morning, when she pressed an invite link on her Facebook page that promised to show her how to paint a beautiful portrait of herself.
"When I pressed on the link, I didn't know that it had automatically stolen my Facebook account," says Minh.
"After that, the code took advantage of my name to post fake messages on my friends' walls, requesting, among others, to borrow money. The code also followed other Facebook accounts in my friend list to carry out fraud."
According to SecurityDaily experts, when Facebook users mistakenly access a strange link, they will be moved to a page having the same interface as Facebook, but is in fact a fake sign-up page that resembles a default Facebook page.
"If users lack basic knowledge of information technology, they might fill in all of their personal information, including their usernames and passwords, on the website. This information will be immediately sent to hackers and enable them to steal users' accounts," reveals Anh, the white hat who discovered the gap on Facebook.
"We have warned the Facebook security team about this," says Anh.
"In the future, we are expecting more and various kinds of attacks like these. We recommend that users refrain from clicking on strange invitations shared or sent via Facebook. Meantime, they must increase their awareness of the consequences of signing up on a social network. Above all, users must remember that the safe link to Facebook is always http://facebook.com/ with the blue icon of 'F'."
On August 15, SecurityDaily issued a public warning about shared fake and malicious links. Through such links, attackers take advantage of famous events to deceive users by leading them to malicious software or malware.
MetaIntell, a mobile control company, has detected serious security leaks on Facebook that are endangering the safety and security of millions of token authentication or identity cards.
Experts call this activity database theft, which is committed by accessing social networks. MetaIntell has confirmed 71 of the top 100 free applications of iOS use affected codes, thereby creating a negative impact on more than 1.2 millions downloads.
"We recommend that users beware of unknown links on Facebook, even if sent by their closet friends, as they might get affected by malicious codes," Anh explains.
Nguyen Cong Cuong, Bkav R&D research director, advises users to re-check shared links sent to them with the alleged senders and sign in to one's Facebook account only on a website page that ends with facebook.com.
Last September 11, Tran Quang Chien, SecurityDaily chief executive officer, confirmed that five million Gmail accounts, 50,000 of them from Viet Nam, were shared on a Russian network forum.
"At present, there is no information on hackers' attacks on Gmail, even though there might be a huge number of leaked accounts," says Chien.
"To help users protect their accounts, we have built a verification tool at the address tools.mvs.vn. We also advise users to enhance account security and be sure to use a real Gmail address at Gmail.com. There are many ways to protect yourself from modern cybercrime, so let's start becoming smart Internet users from now on," Chien says. — VNS