Social networks urged to tighten security

Security experts are calling on social networking providers to scan messages sent from their sites more securely, or risk further high-profile incidents in which user accounts are hacked and customers are hit with identity theft.

Graham Cluley, senior technology consultant at Sophos, argued ahead of the launch of the security firm's biannual Security Threat Report (PDF) that "the honeymoon is over" for social networking sites such as Facebook and Twitter.

"It is time for them to do some growing up. They have been very successful at getting users, but now it's time for them to do some important behind-the-scenes work," he said.

"We would like to see a more proactive approach to stopping malware, spam and identity theft. They should be scanning links and content to see whether they are malicious or not, just like Hotmail, Gmail or corporate account [providers] do."

In the meantime, Cluley urged users to run a special plug-in or add-on which converts shortened URLs to their original form, to see more clearly whether they are been led to a malicious site. Criminals have recently stepped up the use of shortened URLs to fool users into visiting compromised web sites.

"Companies should also be running web scanning tools. We find one new infected web page every 3.6 seconds, which is four times what it was in 2008," he said.

The Sophos report will also reveal a major rise in the amount of scareware used by criminals to extort money from vulnerable users by persuading them that their PC is infected or otherwise at risk, and urging them to buy bogus secu rity software.

Sophos reported that the number of new scareware sites, to which users are directed in order to download the software, has tripled from five a day last year, to 15 a day this year.