6 Signs You've Been Sucked Into A Facebook Scam
4:00 PM EST Fri. Mar. 22, 2013
A Facebook scam this week highlighted the threats posed to the millions of users of the popular social network. Security experts say users of social networks and Facebook, in particular, have high confidence in the links and information shared there. Attackers are constantly trying to take advantage of the high levels of behavioral trust, according to security firm Bitdefender. While Facebook has security teams and automated systems to detect suspicious activity and contain threats quickly, third-party app baits, spam, Likejacking and other activities persist, said Catalin Cosoi, head of the online threats lab at Bitdefender. Here are six signs you may have fallen prey to a Facebook scam.
Apps that promise to spy on people, or allow the user to interact with other Facebook users in ways that the social network does not allow, are illicit and very likely a scam, Bitdefender said. While the app may be freely available, victims are prompted with quizzes and surveys, and the data collected is used in aggressive advertising. In a recent study, Bitdefender estimated that more than 30 percent of suspicious apps attempt to provide additional services such as traffic profiling to determine who is viewing your profile, who deleted your connection and who is a "profile stalker." While some services may be legitimate, many of them use the access granted to view Facebook connections and collect other information that may be considered personal, the security firm said.
Shocking images, news articles, blog posts and videos easily trick users into clicking links to view the content. Such a scam redirects users to a malicious website where spyware or adware is installed through the victim's browser. Bitdefender's Cosoi said many of the scams are attempting to gain access to the victim's photos, likes, check-ins and other information, collecting it for use in a potential social engineering attack. This is seen in 14 percent of Facebook scams, estimates Bitdefender.
The word "Wow" is the one most commonly associated with a potential phony link or scam, according to Bitdefender. Other top scam trigger words or sayings include "Profile," "OMG," "Killed," "Girl," "Viewed," "Stalker," "Video," "Crying" and "Busted." Bitdefender said the words are associated with human-curiosity triggers. Facebook scammers used the trigger words in November when they attempted to trick users into viewing bogus videos of Rihanna and Miley Cyrus. The attack attempted to steal passwords through surveys.
"Is this you?" ranks as one of the most frequently used scam catchphrases, according to Bitdefender. Other phrases include "What are you doing in this video?" "Find out who is doing x to you," "When after I saw this…" and "I just found out x about me. Check yours." Many of the phrases are also regularly used on other social networks to lure people into clicking on malicious links, Bitdefender said. Catchphrases changed often in 2012 in order to evade detection, Cosoi said, but many of the latest threats are attempting to reuse older ones.
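The trigger words and catchphrases above can be turned into a simple triage heuristic for a defender reviewing posts or incoming messages. The following is an added example, not code from the article or from Bitdefender; the scoring weights, the threshold and the sample posts are assumptions chosen for illustration.

```python
import re

# Trigger words quoted from the Bitdefender findings in the article.
TRIGGER_WORDS = {"wow", "profile", "omg", "killed", "girl", "viewed",
                 "stalker", "video", "crying", "busted"}

# Catchphrase templates from the article, with the placeholder "x" turned into a wildcard.
CATCHPHRASES = [
    r"is this you\?",
    r"what are you doing in this video\?",
    r"find out who is doing .+ to you",
    r"when after i saw this",
    r"i just found out .+ about me\.? check yours",
]
CATCHPHRASE_RES = [re.compile(p, re.IGNORECASE) for p in CATCHPHRASES]
URL_RE = re.compile(r"https?://\S+")

def score_post(text):
    """Return (score, reasons) for one post. Assumed weights: each trigger word
    adds 1, each catchphrase adds 3, and a link next to any hit adds 2."""
    reasons = []
    words = set(re.findall(r"[a-z]+", text.lower()))
    hits = sorted(words & TRIGGER_WORDS)
    reasons += [f"trigger word: {w}" for w in hits]
    for rx in CATCHPHRASE_RES:
        if rx.search(text):
            reasons.append(f"catchphrase: {rx.pattern}")
    score = len(hits) + 3 * sum(r.startswith("catchphrase") for r in reasons)
    if score and URL_RE.search(text):
        score += 2
        reasons.append("link present alongside scam wording")
    return score, reasons

def flag_posts(posts, threshold=3):
    """Return (post, score, reasons) for every post reaching the assumed threshold."""
    flagged = []
    for post in posts:
        score, reasons = score_post(post)
        if score >= threshold:
            flagged.append((post, score, reasons))
    return flagged

# Constructed sample posts (not taken from the article); the domain is a placeholder.
SAMPLE_POSTS = [
    "OMG is this you? http://example.invalid/v",
    "Find out who is doing this to you - http://example.invalid/s",
    "Great lunch with the team today, see the photos in the album.",
    "Wow, this girl got busted on video!",
]

if __name__ == "__main__":
    for post, score, reasons in flag_posts(SAMPLE_POSTS):
        print(score, post, reasons)
```

Word-boundary matching keeps "wow" from firing on ordinary words that merely contain it, but the heuristic still produces false positives on legitimate chatter, so it is a ranking aid for review rather than a verdict.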
Some attackers have developed a way to make a victim like a piece of content without their knowledge. Bitdefender said the technique is used to spread threats quickly. The content auto-generates a posting on the victim's wall, broadcasting to friends that the content behind a malicious link was liked. Typically the Like button is embedded in a video or image, automating the process of endorsing the link. Likejacking is believed to have been used to spread a weight-loss offer last year. Facebook has done a good job of reducing this threat, according to Cosoi, but charity scams using phony donation requests persist.
Attacks using data-stealing malware and other Trojans accounted for only an estimated 4 percent of Facebook threats. Facebook aggressively monitors for worms and other malware and believes the number of users ever impacted by malware attacks on the site is always well below 1 percent. Last year, a Facebook worm called Ramnit is believed to have compromised 45,000 accounts, stealing victims' passwords. The Ramnit botnet is still being tracked and has been connected to banking malware. Cosoi said he and other threat researchers also have seen botnet owners use Facebook pages and other social networks for command-and-control purposes.