Facebook is the most popular social networking site on the Internet today. It is easy and free for anyone to create a profile there, and millions of people use the site every day. So, obviously, spammers and scammers have embraced this medium too! In this post we will look at some of the ways in which they deceive users and what you can do to protect yourself. These points apply both at the organization level, if you are on an enterprise network, and to users browsing the Internet over their broadband connections at home.

On Facebook (and in life generally) it is better to always follow one golden rule: if something seems too good to be true, it most probably is not true. And nobody can hand you an unfair advantage by breaking the rules.

1. Socially Engineered Threats: These threats are not technical in nature. If a stranger befriends you on Facebook and you have been chatting with them for some time, you tend to develop a certain amount of trust in them and may click on the links they share. Or a long-time offline friend might inadvertently share a malicious link. Using the trust you place in others to the scamster's advantage is what is classified as a socially engineered threat. Your instinct is perhaps the only defence here; if a link or request seems out of character for the person, confirm it with them through some other channel before acting on it.

2. Spamming: On Facebook you might get friend requests from unknown people, and once you accept them (in order to gain more friends) they might keep spamming you with messages containing marketing offers. Or your own friends might seem to advertise some 'too good to be true' stuff. As long as this is just attention-grabbing for some application or product, it is merely annoying. But some users deliberately advertise malicious links with the intention of stealing your credentials or pushing their products to your contacts, and some of these links are phishing links. Be careful and do not click on such links.

3. Applications: There are many applications on Facebook (including games) that are quite popular. But some of them want far too much information about you and even want to post messages on your behalf (which are shared with your friends). Read the permissions an application asks for before approving it. Popular applications generally need some of these permissions to work, but beware of new or unknown applications that ask for them. You can also report applications that advertise malicious links and remove them from your account at any time.

4. Compromised Profiles: If you see an obscene picture or video shared by a friend, there is a very good chance that his or her profile has been compromised by a hacker or scamster. Do not click on such links, and tell your friend by phone or email rather than through Facebook, since whoever controls the account may be reading the messages.

5. Trojans: Certain malware (for example Koobface, which spread through Facebook) downloads malicious files to your computer without your knowledge with the intention of stealing personal data and credentials. Koobface, for instance, sends you a link to a 'video' and then tells you that you need to download a video player or upgrade your Flash player to watch it. The 'player' you download is the malware itself. So be careful of such 'video player downloads', 'Windows updates', 'anti-virus checks', etc. when they are offered by a web page rather than by the software vendor's own update mechanism.

6. Freebies / Easy Points: Some advertisements on the Internet claim that they can get you a large number of points in Farmville (for example) for a very low cost, and sometimes even free of charge. Do not give these scamsters access to your account, whether by handing over your password or by approving their application. Remember the golden rule: nothing in life is really free, and you usually end up paying for it one way or another. That applies to social networks as well.

7. URL Shorteners: Before you click on a link, hover your cursor over it to see the URL (web address) it points to. If the URL looks suspicious, it probably is! But many people now use URL shorteners, and scamsters use them too, precisely because a shortened link hides its destination. Many shortener services offer a preview of where a link leads; use it. You can also use a tool like Norton Safe Web (from Symantec) to scan the active links shared on your page (including shortened links) and check whether they are fine or belong to some malicious group.

8. Impersonation: Some people impersonate a celebrity by using the celebrity's photo on their profile. Others create a duplicate of a real person's or company's profile and advertise jobs from it. Basically, they try to lure you into some one-time offer that requires you to pay in advance for their products or services. Never pay money in advance or disclose your credit card details to individuals on Facebook.

9. Click-jacking: This is a more technical attack (on Facebook it is often called 'likejacking'). The attacker's page shows you something tempting to click on, such as an image, a game or a 'play' button. Stacked over that spot is an invisible iframe (made transparent with CSS) that contains a real Facebook 'Like' or 'Share' button, so the click you think you are making on the image actually lands on the button and shares the attacker's link with your friends without your knowledge. This is not the same thing as cross-site scripting: no script of theirs runs inside Facebook; you are simply tricked into pressing the genuine button. It might help to keep a second profile, added as a friend of your main one, so that you can monitor whether additional links or messages are being shared on your behalf without your permission, and to check your own wall regularly for Likes you do not remember making. A browser extension such as NoScript (its ClearClick feature) can also warn you when a click is about to land on a hidden frame.
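Here is an added example (it is not code from the original post) showing what a click-jacking page looks like under the hood, and the header check a site owner can run to find out whether one of their pages could be framed this way. All hostnames are made up. The header logic follows how current browsers treat X-Frame-Options and Content-Security-Policy frame-ancestors, simplified (as an assumption) to matching whole origins or bare hosts. Note that a Like button is designed to be embedded, so this check protects pages that should never appear inside another site's frame (account settings, checkout pages), not an embeddable widget.

```javascript
// Added example, not code from the original post: (1) the shape of a
// click-jacking page and (2) a check a site operator can run over response
// headers to see whether a page of theirs could be framed. Hostnames are made up.

// Constructed attacker page. The visitor sees a "Play video" button. Stacked on
// top of it is a fully transparent iframe containing the target site's real
// button (for example a Like button), so the click goes to the iframe instead.
const attackerPage = `<!doctype html>
<style>
  #bait   { position: absolute; top: 120px; left: 80px; }
  #target { position: absolute; top: 100px; left: 60px; width: 300px; height: 80px;
            opacity: 0; z-index: 2; }   /* invisible, but still receives the click */
</style>
<button id="bait">Play video</button>
<iframe id="target" src="https://target.example/widget/like?page=123"></iframe>`;

// Case-insensitive header lookup on a plain { name: value } object.
function header(headers, name) {
  const hit = Object.keys(headers).find((k) => k.toLowerCase() === name);
  return hit === undefined ? undefined : headers[hit];
}

// Would a browser render pageOrigin's response inside a frame hosted on framerOrigin?
// Mirrors browser behaviour: a CSP frame-ancestors directive takes precedence over
// X-Frame-Options, and with neither present the page can be framed by anyone.
// Assumption/simplification: source expressions are matched as whole origins or
// bare hosts; scheme-only and wildcard-subdomain sources are not handled.
function isFrameable(headers, pageOrigin, framerOrigin) {
  const framer = new URL(framerOrigin);
  const sameOrigin = framer.origin === new URL(pageOrigin).origin;

  const csp = header(headers, 'content-security-policy');
  if (csp) {
    const directive = csp.split(';').map((d) => d.trim())
      .find((d) => d.toLowerCase().startsWith('frame-ancestors'));
    if (directive) {
      const sources = directive.split(/\s+/).slice(1)
        .map((s) => s.replace(/'/g, '').toLowerCase());
      if (sources.includes('none')) return false;
      return sources.some((s) =>
        s === '*' ||
        (s === 'self' && sameOrigin) ||
        s === framer.origin ||
        s === framer.host);
    }
  }

  const xfo = header(headers, 'x-frame-options');
  if (xfo) {
    const value = xfo.trim().toUpperCase();
    if (value === 'DENY') return false;
    if (value === 'SAMEORIGIN') return sameOrigin;
    // ALLOW-FROM and unknown values are ignored by current browsers: no protection.
  }
  return true;
}
```

Run `isFrameable` over the headers your own site returns for its sensitive pages; any page for which it returns `true` with a foreign `framerOrigin` can be overlaid exactly as `attackerPage` does.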

10. Look-alike sites: If you have clicked on a link from an email or another website, always check whether the site you have landed on is the original or a look-alike. Check the URL for slight variations (a changed letter, or the real site's name appearing as just one part of a longer address), and see whether https has been replaced by http. Check the certificate too, but remember that a look-alike domain can carry a perfectly valid certificate of its own; the padlock only tells you that you are talking securely to whoever owns that domain, so what matters is that the certificate is for the real site's name. If you have already typed your user-name and password into a duplicate site and realize it immediately afterwards, type the original site's URL into another tab, log in and change your password at once.
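The two checks from items 7 and 10, as an added example in JavaScript that is not part of the original post: one follows a shortened link's redirect chain to its real destination, the other compares that destination with the site you meant to visit. The redirect table, the hostnames and the 'facebook' brand constant are constructed for the example. Real code would replace `resolve` with an HTTP HEAD request that does not follow redirects, and would use the public suffix list instead of the two-label guess at the registrable domain.

```javascript
// Added example, not code from the original post: two checks on a link before
// trusting it, for items 7 (shortened links) and 10 (look-alike sites).
//   expandShortUrl()   follows a shortener's redirect chain to the real destination.
//   lookalikeVerdict() compares that destination with the site the reader thinks
//                      it is going to.
// All hostnames are made up, and the network is replaced by a constructed redirect
// table so the example runs offline. In practice `resolve` would send a HEAD
// request that does not follow redirects and return its Location header.

// Constructed: short URL -> Location header it redirects to.
const constructedRedirects = {
  'http://sh.example/a1': 'http://sh.example/b2',
  'http://sh.example/b2': 'http://faceb00k-login.example/recover',
  'http://sh.example/loop': 'http://sh.example/loop',
};

function expandShortUrl(startUrl, resolve = (u) => constructedRedirects[u], maxHops = 10) {
  const chain = [startUrl];
  let current = startUrl;
  for (let hop = 0; hop < maxHops; hop++) {
    const next = resolve(current);
    if (next === undefined) return { finalUrl: current, chain, truncated: false };
    if (chain.includes(next)) return { finalUrl: next, chain, truncated: true }; // redirect loop
    chain.push(next);
    current = next;
  }
  return { finalUrl: current, chain, truncated: true }; // gave up after maxHops
}

// The site the reader actually intends to sign in to (assumption for the example).
const brand = 'facebook';
const trustedDomain = `${brand}.com`;

// Undo the common digit-for-letter swaps before comparing ("faceb00k" -> "facebook").
function unleet(s) {
  return s.replace(/0/g, 'o').replace(/1/g, 'l').replace(/3/g, 'e').replace(/5/g, 's');
}

// Levenshtein distance: number of single-character edits between two strings.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1,
                        prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1));
    }
    prev = cur;
  }
  return prev[b.length];
}

function lookalikeVerdict(urlString) {
  let url;
  try { url = new URL(urlString); } catch { return { verdict: 'invalid', reasons: ['not a URL'] }; }
  const host = url.hostname.toLowerCase();
  const reasons = [];

  const trusted = host === trustedDomain || host.endsWith('.' + trustedDomain);
  if (!trusted) {
    // Assumption: registrable domain = last two labels. Real code should use the
    // public suffix list (co.uk and friends).
    const labels = host.split('.');
    const registrable = labels.slice(-2).join('.');
    const base = unleet(labels.length >= 2 ? labels[labels.length - 2] : labels[0]);
    // Brand as a subdomain label of some other domain: facebook.com.login-verify.example
    if (labels.slice(0, -2).some((l) => unleet(l).includes(brand)))
      reasons.push(`"${brand}" appears in a subdomain of ${registrable}`);
    // Brand embedded in the registrable name: faceb00k-login.example
    if (base !== brand && base.includes(brand))
      reasons.push(`"${brand}" is embedded in ${registrable}`);
    // Near miss: facebok.com, facebbook.com
    const d = editDistance(base, brand);
    if (d > 0 && d <= 2)
      reasons.push(`${registrable} is ${d} edit(s) away from ${trustedDomain}`);
  }
  const brandRelated = trusted || reasons.length > 0;
  if (brandRelated && url.protocol !== 'https:') reasons.push('not served over https');

  let verdict;
  if (!brandRelated) verdict = 'unrelated';
  else if (reasons.length === 0) verdict = 'ok';
  else verdict = 'suspicious';
  return { verdict, host, reasons };
}
```

Feed the output of `expandShortUrl` into `lookalikeVerdict`: in the constructed table, the innocent-looking `http://sh.example/a1` ends at a host that both embeds the brand name and drops https, and the verdict says so before anyone has typed a password.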
