Corante

Home > Weblog Columns > Get Real
Quote
"I can’t think of anything that demonstrates the sovereign nature of the self better than a blog.” - Doc Searls
About the Author
stowegold150x150.jpg
Stowe Boyd is a well-known media subversive, and an internationally recognized authority on real-time, collaborative and social technologies. His new blog is Message.
Check out Appopedia, a new directory of reviews of Web 2.0 apps for work

Get Real

« Trawling With Engines Of Meaning | Main | Joi Ito on "What Would Gandhi Do?": The Conformist Pressure of the Internet »

March 24, 2005

Phishers abusing IM vulnerabilities

Email This Entry

Posted by Arieanna Foley

Should it surprise us that the IM waters are getting clouded by phishers? [a phisher is someone who sends out a legitimate-looking message that tries to trick people to go to a spam site, or, worse, to give away their financial information or to download viruses or worms.]

John Dickinson of Messaging Pipeline points to the increased trends of phising on IM’s. He argues that IM’s are vulnerable to phishing not because of security issues, but to the “vulnerability and naivet of users.” Why is this? Many users accept messages from strangers – after all, many IM’s used as a way to meet new people to begin with. So, if a user accepts the message, there is a greater likelihood that the link will be clicked – leading the user to spam and phishing sites. At least with email there are junk filters to stop you from being exposed to the message – this is not so in this scenario.

So, why would anyone click on the link anyway? Well, people do. According to a recent study, as many as 10% of people buy spam products, and over 30% of people click on spam and phisher links. Although these stats were for email, you can imagine it being the same, if not higher, for IM. I would perhaps think that IM’s have that “trust” environment going for them, making users more likely to accept links and click on them.

So, when will spim-blocking get serious for IM’s?


As far as I can tell from talking to vendors like FaceTime, Akonix, and IMLogic, not enough of you have taken advantage of those systems, and your employees remain vulnerable to all sorts of IM security breaches.

There are usually options within IM’s to increase privacy – not accepting messages from people you don’t know, being asked when added to contact lists, etc. I have noticed in MSN, I cannot receive links from people unless another non-link message is sent first. Don’t know if this is a spim block, but it is effective. Overall, it would seem IM’s are vulnerable to spim because people let their guard down in the IM environment. Spim-block software will need to be build around the realization that people may want to receive unsolicited messages – just not necessarily spim.

[tags: ]

Comments (1) + TrackBacks (0) | Category: Technology


COMMENTS

1. Tris Hussey on March 25, 2005 07:01 PM writes...

I've try ZoneLabs' IMSecure. Nice piece of software. The free version has some anti-spim and phishing protections, the pro-version is better.

Interestingly Skype has it's own form of spim, which is people trying to learn/practice English with English-speakers and--this is a new one on me--finding people in an area where you want to travel to and asking questions. Niether of this, in reality, seem that bad, though, do they?

Permalink to Comment


EMAIL THIS ENTRY TO A FRIEND

Email this entry to:

Your email address:

Message (optional):




RELATED ENTRIES
Reminder -- /Message
/Message - A New Blog
The Individual Is The New Group -- Part 1
1000 Tags: Tag Advertising
Social Ethics And Technology Design
Nancy Hass on In Your Facebook.com
Black and White and Dead All Over: Is Newsprint Dead?
Anonymous Trolls, Beware: You Are Breaking Federal Laws