Well, this actually isn’t a lie, but a lot of what you read on the web are lies designed to steal money or identities. If you go to a web page and it says you need a new codec or new software to view a video or picture, or pretty much anything, the odds are that it is a trick to get you install malicious software (malware) Consider the following story: http://redtape.msnbc.com/2009/01/post-1.html#posts
You go to your friend’s Twitter, Facebook, Myspace, or whatever web site, and see an urgent plea for help. Your first thought should be that the friend’s account has been stolen. If you needed help immediately, would you really put it up on your Facebook page or would you be doing something else to obtain assistance? Yeah, I can see where someone might use Twitter, but it is a really bad idea to believe such a request is genuine. Remember, for a while all of the accounts on twitter were accessible using an easily guessed name and the password. If you haven’t changed the password on your social networking page in the past 3 months, I strongly encourage you to do so.
Attacks against social networking sites are common. There is also a commonality between these attacks and emails that claim to provide government grants, IRS refunds, and a host of other free or low cost things. In all cases it is essential that you verify the facts before you part with money or any personal information.
The easiest way to hijack social networking profiles is to guess the password. This is because most people use really, really bad passwords. Using poor passwords for your email or other web accounts can put your friends at risk. No matter how obscure you think a word is, it is still easy for a computer to guess the password. No single word in any language is a good password. Always use at least two words if you must use words. It is even better if you use a number as well as a word, and a large number, like 1010 is much better than a small number.
Numbers less than about 895,435,776,880,213,776,992,053 are bad passwords and numbers that large are hard to remember. 123 is one of the worst and most common passwords. 123elephantpig would be a fairly good password, relative to numbers or words alone. Elephant100pig is even better for a password. You can use words and you can use numbers, but use them both at the same time!
Requests for help, threats of legal action, or offers of free things should always be viewed with skepticism and always investigate before acting upon.
If you have any general security questions, feel free to email me @askeset@eset.com, but the address is not for product support, or requests for business relationships!
Randy Abrams
Director of Technical Education
