Facebook scams are a huge problem. Even today, after years of effort trying to prevent them, all sorts of scams continue to thrive on Facebook. This includes things like malware, spyware, Facebook login phishing and other tactics to manipulate users and make a quick buck, take control of someone's computer, or worse, steal their identity. With Facebook now at over 1 billion users it’s more important than ever to become a defensive and aware internet user.
A few days back Troy Hunt exposed a very interesting data mining scam. This sophisticated attacker created a completely fake site that looked just like Facebook.com; however, if you looked closely you would realize that the URL in the address bar was actually http://www.faceboourk.com, a completely fake site.
In this article we’re going to give you an overview of some of the most common and dangerous Facebook scams. It’s important that you know about and understand these ideas so you can protect yourself online.
Common Facebook Scams
Here’s an overview of the common Facebook scams. If you’ve been a Facebook user for even a short amount of time, you’ve likely encountered one or more of these.
Phishing
Phishing is an attempt by the attacker to trick a user into giving them the username and password for a particular website. But you’d never give your login and password away, right? Not intentionally, but the attackers are a bit smarter than that. They create fake but official-looking websites and emails that appear to be coming from a website like, say, Facebook or PayPal. Many times the web page you arrive at is an identical clone of the site in question.
The only way to defend yourself from this attack is to be aware of the URL of the website you’re visiting at all times.

Notice how in the above image the website address is https://www.facebook.com. If this says any other domain, it’s likely you’re on a Facebook phishing site. Facebook runs many of their own subdomains, which are completely legitimate (i.e. https://developers.facebook.com), so make sure you focus on the primary domain name, and not the subdomain, when trying to determine if a website is legitimate.
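To make that rule concrete, here is an added Python example (not from the original article) that applies the primary-domain check to a handful of constructed sample URLs, including the faceboourk.com lookalike mentioned above; the helper names and sample addresses are assumptions for illustration.

```python
from urllib.parse import urlsplit

# The one registrable domain a real Facebook login page lives under. The sample
# URLs and helper names below are constructed for this example, not taken from
# the original article.
FACEBOOK_DOMAIN = "facebook.com"

def registrable_domain(host):
    """Return the last two labels of a hostname, i.e. the "primary domain name".

    This simple approximation is exact for facebook.com (its public suffix,
    .com, is a single label); a phishing check compares this, not the full host.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def is_legit_facebook_url(url):
    """True only for an https URL whose host is facebook.com or a subdomain of it.

    urlsplit().hostname already drops userinfo ("...facebook.com@evil..."),
    the port and the path, so the lookalike tricks below all fail this check.
    """
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        return False
    return registrable_domain(parts.hostname) == FACEBOOK_DOMAIN

# Constructed sample addresses and the verdict a careful user should reach.
SAMPLE_URLS = {
    "https://www.facebook.com/login": True,           # real site, real subdomain
    "https://developers.facebook.com/": True,         # legitimate subdomain
    "http://www.faceboourk.com": False,               # typosquat from the article
    "https://www.facebook.com.evil.example/": False,  # real name used as a subdomain
    "https://evil.example/www.facebook.com/": False,  # real name only in the path
    "https://www.facebook.com@evil.example/": False,  # real name as userinfo
    "https://secure-facebook.com/": False,            # hyphenated variation
    "http://www.facebook.com/": False,                # right host, but no TLS
}

def check_all(urls=SAMPLE_URLS):
    """Return {url: verdict} plus how many verdicts differ from expectations."""
    verdicts = {u: is_legit_facebook_url(u) for u in urls}
    mismatches = sum(1 for u, expected in urls.items() if verdicts[u] != expected)
    return verdicts, mismatches

if __name__ == "__main__":
    verdicts, mismatches = check_all()
    for url, ok in verdicts.items():
        print(f"{'legit  ' if ok else 'SUSPECT'}  {url}")
    print(f"{mismatches} unexpected verdict(s)")
```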
Viral Applications
These are Facebook applications and games that are developed in a way that encourages you to share your activity with your Facebook friends. The problem is, many of these apps install with the options to share set to very liberal settings by default. You might remember early on when the Facebook API opened up and Zynga came out with Farmville. Remember seeing all of those annoying Farmville updates from your friends back in the day? Although Facebook has clamped down in recent years and made this harder to do, aggressively viral Facebook Apps still exist. Other examples include photo sharing apps, news reading apps, and shopping apps that unwittingly share your information with your friends.
To protect yourself from Viral Applications, only install Facebook Apps that you absolutely need, from trusted app publishers. If you haven’t audited your installed apps in a while, go to the Facebook Applications section of your Facebook Settings and remove any apps that you’re not using. You may be surprised how many apps you’ve authorized over the years. Also, check the settings of the various apps and, if you like, lock them down to not share by default.
Malware
Malware is software that enables an attacker to infiltrate or damage your computer. It’s delivered as an executable file that, when opened, infects the victim’s computing device. One very common type of malware is the Trojan, a covert program that, once installed, gives the attacker full control over the victim’s machine. Trojans can also make your computer part of a botnet. Other types of malware include worms and common viruses. Malware can also be a client-side script that runs inside of an infected website and attacks you through your web browser.
To avoid malware, be wary of any file that you download, whether it comes from email, a web page, or a link within a social network. Your new mantra is “Trust No Executables”. Also, always keep your web browser up-to-date by installing updates.
Another great preventative tactic is to look out for the Google Malware Warning, which will present itself just before you’re about to visit a compromised site. The warning looks as follows:
Spyware / Adware
Spyware and Adware are very similar concepts and are often confused. At its core, it’s software that’s designed to monitor your behavior and show you targeted advertisements directly on your computer. By monitoring your activity, smart Adware can show you relevant ads that get your attention. Even if you’re not the type of person who clicks on ads, once you’re infected it costs the attacker no money to keep pumping ads to your screen. It’s like free ad space, so every click is profit.
Similar to malware, the best way to protect yourself from Spyware and Adware is to be careful what you download and install and which websites you visit. And always be on the lookout for warnings in your web browser that alert you to potentially harmful sites. Heed these warnings and avoid these sites.
Conclusion
Make sure you’re always aware of the URL in the address bar, only download and install software you need from trusted developers, avoid sites flagged as containing malware by your browser, and never under any circumstances give your login or password to someone via email. Defy this advice at your own peril…
What Facebook scams have you seen or fallen victim to? Leave your stories in the comments.