Apple launched iTunes 10 with Ping, a new music-oriented social network, on Wednesday. Within hours, the site fell victim to spammers looking to make a quick buck from Apple's unsuspecting 160 million music lovers exploring the new way to discover what music their friends are listening to.
Ping was heralded as the future of social commerce by some analysts, but Apple will have a near-term challenge of battling identity thieves looking to steal the credit-card numbers of iTunes users. Some Ping posts are attempting to trick users into believing they will receive a free iPhone if they complete online surveys.
Sophos published research earlier this year demonstrating a 70 percent increase in the number of users reporting spam and malware being spread via social networks, a trend that continues to grow. It would appear that Apple missed that report.
Apple's Wake-Up Call
Graham Cluley, a senior security consultant at Sophos, is not at all surprised that spammers and scammers have flooded the Ping platform. As he sees it, Apple doesn't appear to have anticipated that spammers and scammers would find the opportunity too good to miss.
"If Apple had implemented some antispam technology, pre-filtering the messages for malicious or fraudulent links, then that might have prevented the problem becoming as big as it is as rapidly as it has," Cluley said. "It also appears to be simple to create fake accounts on the system. For instance, there's more than one 'Mark Zuckerberg' and even 'The Beatles' -- who famously aren't distributed via iTunes -- claiming to have an account on Ping."
Cluley is used to survey scams like this being spread on sites like Facebook, but he sees the irony in Ping scams focusing on Apple's iPhone. He hopes Apple's security team can block scam messages and malicious links quickly.
Deterring Consumer Use
Cluley said there is definitely a danger that innocent users could be tricked into visiting dangerous links designed to phish them, install malware, or trick them in other ways. But will spammers punish Ping's chances for success out of the gate? Will iTunes users shun the new social-commerce network?
"It's really too early to tell, but there are plenty of people complaining on Twitter, for example, that Ping is next to useless until the spam problem is controlled," Cluley said. "This is just more evidence that cybercriminals are increasingly using social networks to spread spam and scams. Users need to be on their guard against such attacks, and the service operators need to build robust defenses to keep order."
As more companies jump on the social-networking bandwagon, Cluley warned them to think carefully about what they are going to do to make their communities a safe place for users to hang out. If they're complacent about these sorts of security risks, he said, then users may end up voting with their feet and find a safer place to spend their online time.