According to thinq UK, Facebook was recently hit by the biggest wave of spam in its history. What is Facebook spam? You’ve probably clicked on one of the links that show up in the Feed. You’ve seen them before – e.g. “OMG! Look at what this babysitter did to this baby!” or “Guy takes a pic of his face everyday for 8 years!” This kind of spam grows exponentially. One person clicks it, another person sees that their friend clicked it (it shows up in the Feed), and so on and so on.
The thing with Facebook is, it’s a website. It makes no difference if you’re running a Mac, Windows or Ubuntu. You could have the best, most expensive antivirus software – it doesn’t matter. With websites, it’s all about trickery and deception.
“The only defense against it is user awareness and thinking before clicking.”
The bad guys know the keywords you’re searching for. Take, for example, the recent Charlie Sheen activity. Users click links to what appear to be stories about Charlie Sheen. They’re then greeted with pop-ups asking them to install a malware remover. The “remover” is actually malware trying to trick you into installing it.
“Everyone should be aware that malware writers have become very adept at search engine optimization to ensure their malicious links get placed on top image results returned from Google searches.”
With Facebook and Twitter, it’s so easy to quickly spread a link. If someone isn’t paying attention or is “lured” in by a thrilling tag line, they end up getting scammed. Just the other day, an inconspicuous link started appearing in the feed. It was supposedly an article about how a guy took a picture of his face once per day for 8 years. Seemingly harmless, right? Well, the link led to a fake YouTube site…
“The most important point for consumers is to not agree to download or run any software they do not intend to install on their machines — and to not be scared or intimidated into doing so.”
The one that everyone seems to fall for is the “see who’s viewing your profile” scam. That’s just it: it’s a scam. Here’s a great article on TechCrunch that details the scam. These used to show up on MySpace and now they’re all over Twitter and Facebook.
So how do you stop it? The Computer Peeps recommend Firefox with NoScript. This will prevent any malicious JavaScript (such as the scripts launched from the Facebook feed) from running.
This isn’t something software can absolutely prevent. The key is awareness. Be aware that the bad guys know what you’re searching for. Be aware that people spread links unintentionally. Unless it’s a trusted news site or authority on the topic, watch what you click. I’m sure it would be more exciting to have some geeky way around this but honestly, it really does come down to awareness.
To recap:
- Think before you click. Is that enticing headline truly what it appears to be? Is it worth clicking on to find out?
- Know that no software can protect you from social engineering. Much like in life, it’s all about experience and knowledge.
- Make sure Windows is up to date and getting the security patches that come out on an almost-daily basis.
- Make sure you’re running ESET NOD32 antivirus.