Mobile devices ... increasingly targeted by cyber criminals. Photo: Reuters
Australia's top cyber cops are warning that social networking sites such as Facebook are increasingly being targeted by cyber criminals as a way to steal internet users' money.
The growing commercialisation of social media through links to online trading such ''buy, swap and sell'' sites means cyber crooks now have a strong motivation to hack people's account details, police say.
[Smartphones] can be compromised as easily as your computer can be compromised.Scott Mellis, Federal Agent
In an interview with Fairfax Media, the Australian Federal Police's manager of cyber crime operations, Commander Glen McEwen and Melbourne team leader Federal Agent Scott Mellis outlined a range of new threats facing web users.
These included vicious ''form-grabbing malware'' that can steal large amounts of personal data, as well as complacency about the security of mobile devices, which most people do not protect with anti-virus software, even while using their phones to do banking.
One particular emerging threat was the growing link between social networking and online trading known as ''buy, swap and sell sites'', Mr Mellis said.
''You sign onto those sites with your Facebook account and, as a result of that, you start using those platforms for trade,'' he said. ''There's going to be money involved and hackers will be interested in getting inside those.''
This includes malware attacks that steal payment details through social networks or tricks users into handing over those details, he said.
''I had a friend the other day wanting to use a local 'buy, swap and sell' network and they needed a Facebook account to actually get onto it, so that's an example of how this sort of trade is coming into the social networking space.
''My team has seen this as something that's rising out of the surface at the moment. I do see it as a trend.''
Previously there had been little incentive for anyone to hack into social networking sites, other than to get the personal information of another user.
Another threat Mr Mellis said is ''definitely a trend'' is mobile device malware. While most people today carry smartphones, few people thought about anti-virus protection for those devices in the same way they protect their computers.
''They don't think of [smartphones] as computers so therefore they don't put an anti-virus on them. They can be compromised as easily as your computer can be compromised. And people do their banking on these now.
''Why would you do your banking on a phone but not use an anti-virus?''
Mr Mellis said people should explore the options for securing their phones.
''I'm not in the business of scaring people but it's a good idea to see how you can defend your data because you're accessing very, very sensitive information on your phone.
''Criminals exploit the path of least resistance, which makes mobile platforms a target.''
Commander McEwen said most cybercrime was preventable, though it ''could take a whole generation for people to become technically savvy enough and aware to implement such safety measures''.
People need to think of cybercrime in the same way crime is thought of in the real world, he said. A ''distributed denial of service'' attack – crashing a major system – was akin to a major arson attack, while theft of bank details was a robbery.
''It's a challenge for law enforcement to demystify what the cyber world is about. It's all the commission of crime,'' he said.
* Maintain current anti-virus software that is obtained from a reputable source and is regularly updated.
* Make sure your operating system is updated to ensure any security vulnerabilities are mitigated.
* Use strong passwords to protect personal information.
* Passwords should also be kept secret and changed regularly.
* Limit the amount of personal information placed on the internet.
* Do not provide financial or other personal information to people you do not know and trust.
* Never click on links contained within spam or unexpected emails.
Anyone who believes they are a victim of a scam should report it to SCAMwatch on 1300 795 995 or go to scamwatch.gov.au.