Tuesday, May 24, 2011

9 Facebook Scams to Watch For


If you're an avid Facebooker, and might even say that you're addicted, then listen up because there are some serious Facebook threats that face you as a user that you need to know about.

Keep in mind, the discussions here are all in terms of how they apply only to Facebook. There are other forms of them, but this is about how they function on Facebook.
  • Clickjacking


    With promises that seem a little too technical for the usual Facebook user, clickjacking has users click on links or buttons that say one thing, but actually do other things that are much more malicious in nature like, say, take over your facebook account to spread their spam like wildfire.

    Perhaps you remember when I discussed the Osama bin Laden scams that happened right after his death was announced.

    Similar to that, these are pages that promise things like free stuff (doing something to redeem trips, merchandise, deals on clothes or food, etc.), or they promise you things that are just flat-out lies (Who's seeing your profile? Track them!, Make Your Account More Secure Automatically! Do this..., etc.).

    Either way, they require you to copy and Enter some Javascript into your address bar above. If you do that, and you're signed into your Facebook account (both conditions need to be fulfilled), then you have effectively given the bad guy behind that code access to your account. So now they are able to manipulate (but will probably just collect) any information on your (and all of your friends') profile(s), they now have the ability to post what they want on your wall and on the walls of all your friends, and unless you immediately go into your account's settings and get rid of this page by "unliking" it or removing it from your "Likes," then you will be infected.

    To remove it, go up to the upper right corner, and follow this path:
    Account Privacy Settings Apps and Websites (lower left corner)
    Edit Your Settings Apps You Use section Click "Edit Settings"

    ...and from here, you can get rid of the page that has infected your account.

    Also, as a courtesy to all of your friends, IMMEDIATELY send out a message to everyone that they should ignore the last few posts that you have made to their walls, to disregard any message to "Like" a page or to sign up for anything.

  • Fake Polls/Questionnaires


    These aren't the Facebook apps of old where you just had to install the app in order to take the quiz, not anymore. The bad guys have gotten a little smarter than that since.

    Now what they do is that they direct you to a webpage that looks and functions sort of like how Facebook would, but if you pay close attention to the web address, then you'll see that it's not at all a page on Facebook, and it's here that you should immediately close the browser window.

    If not and you continue and even complete the quiz (congrats on earning them traffic revenue), then you are required to provide some information in order to see the results of your quiz. A common way is to provide your phone number, and from here, they can run up charges onto your account, and clearing this up with your phone carrier can be a nightmare.

  • Phishing Schemes
    Just to recap, phishing is a scheme where you think you're signing into a regular website like normal, but you are actually giving your login credentials (username and password) to a website that only LOOKS like the regular site.

    What makes getting your Facebook login credentials even more dangerous than usual is whether or not you make use of Facebook Connect, which is basically signing in to other websites by using your Facebook account. So once they have your facebook information, they've also got more than just your profile information (and that of your friends); they've also got every other site you use Facebook for.

    The best way to prevent this from happening is to always ALWAYS ALWAYS make sure that you're logging into Facebook by checking the address in the bar up top.

    Always log onto www.facebook.com

    Of course, if you have been compromised, then you should immediately change your password. Once that's changed, the phishing site loses control and you should be okay again.

  • Fake Emails, Messages
    When perusing Facebook, you should always be aware of any messages or wall posts that claim to be from "The Facebook Team" or Facebook itself. This is a red flag and should be approached with caution.


    Messages like these always are one of two things: either they have a tone of panic and urgency or they want you to look at something attached. In the former case, they will always say that something with Facebook has changed and that you need to take action immediately in order for your account to remain secure. They scare you into clumsily acting, and that's when they make you click on a link that takes you to a site with malware to infect you. In the latter case, they just want you to download an attachment, which is the malware.

    In either of these cases, DO NOT FOLLOW!!! Just delete the message, don't click on anything contained within, and you'll be okay. If you feel so inclined, you can report this message to Facebook before deleting, and then they'll sort it out.

  • Desperate Messages About Money
    This one really tugs on your heart-strings, if you've got any. The deal here is that a friend of yours will send you a message, one that will contain a real tear-jerker of a story, talking about how they somehow ended up in a very unfortunate situation. Bottom line: they need money, and they need you to send it to then via a wire-transfer (Western Union, etc.).


    This is dangerous because you're falling for a classing spam email scam: give them your account number, and they'll be able to get the money they need, only they'll drain your entire account and leave you penniless.

  • Fake Friend Requests


    This is a no-brainer, or at least it should be by now. But since it bears repeating for the sake of this point:

    Always beware of who is adding you. Not all Facebook accounts have real people behind them, lonely and looking to be your friend. If it's a hot girl (depending on who you are, and you're reading this blog, chances are not likely, lawl), then you should take some caution (a LOT of caution).

    The oldest trick in the Facebook: once you're added to them as a friend, they have access to your profile information, and now they have a more specific list of targets, your friends, to add as well.

  • Fake Page Spam
    You'll see a lot of these pages floating around the Internet, on Facebook or otherwise.

    A lot of the time, they'll either be a front for a click-jacking attack or even a phishing scheme: offer something in exchange for some information: "Like" the page, Allow it access to your profile, send invites to all of your friends to the page, etc.

    The main idea is to spread spam and bother everyone you know with nonsense data. Don't fall for it. Remember to check the address bar and also verify who's sending you information.

  • Rogue Apps


    Here's where the hair should stand on your neck. If there's ever anything that's asking for your permission to access your Facebook profile, that's when you need to be at DEFCON 1. You need to do everything in your capacity to investigate, verify, and confirm twice the identity of the app that you wish to add to your profile.

    If you want to add a famous app, make sure you're not adding the knock-off or fake app with the same name. Always make sure you're getting the right app...

    ...because the wrong app can lead you down a dark road. If you allow the wrong app access, you can be the target of any of the aforementioned compromises: phishing, malware, click-jacking, and/or money schemes. It can also do the same things that adding a fake friend can do.

  • The Koobface Worm
    This famous social network attack has been in existence ever since 2008, but the stubborn little bugger still shows its face around the site, so you STILL have to watch out for it, especially if you've got Windows.


    This employs a completely different attack than all of the rest that have been described above: the way this one works is that it sends you a message that entices you to click on the link inside ("Look at you last night!", "Check out this hot girl!", etc.). The link then takes you to a page that looks everything like YouTube, but the main difference is that it "requires" you to download an "update" to Adobe Flash Player in order to see the video.

    BIG RED FLAG! The "update" to Flash is the malware itself! Do not download it! Check the address, it's probably Russian (it was when this attack was first discovered). Also, check your flash player and see if your Adobe Flash software is up to date. If so, then you don't need to see the video.


Well, there you have it, folks! Now that you know, keep an eye out, and don't fall through the cracks!

Happy Facebooking! :)

story via The Huffington Post



← great movie, check it out!

No comments: