The next time you see an ASCII art helicopter in the comments of a YouTube video could be your last. The Google-owned video-sharing giant announced recently that it was implementing new measures to remove bad links. Posting URLs in YouTube comments was not possible until YouTube and Google Plus became linked – a move that has drawn significant criticism among YouTube users who want to use the video-sharing site without also participating in Google’s social network.
At issue is the comment spam that has characterized YouTube almost since its inception. Some users, reports Leo Kelion, “have complained that by allowing links and art in comments Google [has] instead exacerbated the problem. … Security blogger Graham Cluley wrote that by allowing links the firm had made it ‘easier than ever for spammers, make-money-fast-scammers and malware-spreaders to get airtime.'”
The spread of innovative scams, worthless links, invitations to download viruses and general online perfidy is neither new nor isolated to large sites like YouTube. The approach of the holiday season, including Black Friday and “Cyber Moday” (the Friday and Monday after Thanksgiving, when retail and online sales see a significant spike), draws scammers and hackers like flies to refuse. They go where the opportunities are to be had. We are using our smartphones and social media more now than ever to engage in sales, acquire coupon codes and make actual purchases. Into this fertile sales ground the scammers are marching, hoping to siphon some of your hard-earned dollars for themselves.
Byron Acohido, writing for USA Today, explains that the opportunities for cyber-scammers are greater than ever thanks to the evolving ways we are using technology to shop.
Focusing on social media and smartphone applications, the criminals are – according to Acohido – flooding email, search results and social media posts (including YouTube comments) “with tainted Web links, offers for worthless products and pitches for all variety of scams.” Among the tactics used is “phishing,” wherein bogus communications attempt to trick the reader or viewer into giving up his or her personal identification information. This facilitates identity theft as well as simple fraud. And no matter how aware some consumers are of the potential for online scams, there will be others who click scam links or respond to offer e-mails without realizing the dangers.
Acohido writes, “The crooks count on one in 10 recipients of holiday-themed phishing lures to click on a poisoned link, or fill out a bogus form. The bad guys have been planning all year for this. Messaging security firm Proofpoint says email carrying faked delivery confirmations and order notices purporting to be from FedEx, UPS, DHL, Amazon, eBay, WalMart, Target and ToysRus have already begun to swell. Clicking on the enclosed links turns over control of your computer to the attacker.”
A typical phishing scam received in your email purports to be an alert from your bank or, especially at holiday time, a notice that you have a parcel waiting to be claimed. Clicking through the link, which appears to be legitimate, exposes your data to the scammers and may open your device or computer itself to malicious code.
Acohido goes on to warn that phishing attacks will spike as we get closer to Christmas. Links from shipping companies are particularly suspect because of the link to holiday shopping. Our attitudes, too, help facilitate these criminal enterprises, for as we become enmeshed in the buy-buy-buy spirit of holiday commercialization, we are more apt to jump at perceived bargains without considering the risks.
“Holiday shopping has come to mean fielding recommendations from our Facebook friends and Twitter followers, and using our smartphones and touch tablets to hunt for bargains and make purchases,” he asserts. What’s worse, because we carry our mobile devices with us, we tend to think of them as more secure – when in fact they may be even more vulnerable to attack. How many of us, for example, bother to run anti-virus programs on our smartphones?
Too many warnings of online security threats focus on the specifics of the “next big thing” or the trending methodology favored by cyber-criminals. The solution to online threats is more systemic than dealing with these issues piecemeal. It is not enough to be aware of a coming virus threat or a specific email purporting to be from DHL or UPS. It is not enough to eye with suspicion a YouTube comment extolling the virtues of a never-fail money-making opportunity. We must alter not our behavior, but our fundamental attitudes toward using a tablet, smartphone, or any social media site. We must recognize that the moment we use any of these tools, we are choosing to entertain the conversations of thousands of strangers.
Among those who believe that the popular “board game,” the Ouija Board, can be used to contact and communicate with spirits, the danger of doing so can be likened to randomly calling a number taken from the phone book. The individual who answers may be a perfectly “normal” one. He could also be mischievous, deceptive, or the equivalent of a murderous psychopath. When you interact with any entity online, you’re taking on faith that the response you get is not a criminal one.
The smartphone, the tablet, the Internet-connected device is in some ways an Internet Ouija Board whose effective reach is unlimited. To use one means that you are connected to a functionally unlimited number of strangers whose motivations you cannot know. Many of these individuals wish to sell you a product or service in good faith, and in many cases these are products and services that you in turn wish to buy. But salted among the law-abiding and the earnest are the lawless and the dishonest. For every legitimate site, there is a phishing page or a scam artist. For every honest retailer, there is a boiler room in Russia or China or Africa.
Understand, when you shop online, when you click any link, that you are not merely taking a calculated risk. The risk of online activity is not incidental. It is fundamental, an inextricable component of the tenor and character of using the Web.
We forget this at our peril.