
[Warning] New Facebook Threat

There is a new threat floating around Facebook.  It’s another one of those “See Who’s Viewing Your Profile” scams.  I’m not surprised so many people are dying to see who’s viewing their profile.

It’s such a common desire that the “bad guys” know they’ll be able to fool at least one person (well, clearly more) into falling for their trick.  This is akin to some scam artist trying to sell you something you don’t need.  Stop and think, “wait, is this REALLY going to show me who’s viewing my profile…and is it worth it?”  This is how you get viruses, get your personal information stolen, get your email hacked, etc.

This latest scam was around when MySpace was popular, so the actual tactic isn’t new.  The post that’s making its way through Facebook looks like this:

Fake View My Profile Post

Notice they’re using a URL shortening service (Bitly) to mask the true URL.  They’re trying to hide something from you, which should be the first clue.  You’ll also notice this was posted via the Stalker-Viewer app.  ESET Nod32 Antivirus already knew this was a potentially unwanted app and blocked it long before Facebook knew about this rogue app:

ESET blocking rogue Facebook app

ESET notifies that it has blocked the URL long before the website had a chance to harm your system:

ESET Nod32 blocking rogue Facebook app's site

The main thing to take from this article is that threats on Facebook are aplenty.  You want to use Facebook to help your consignment or resale store gain exposure.  Make sure you sit down and discuss this with your employees though.

No matter which antivirus or security software you have, there should never be a sense of “I can click whatever I want.”  Those that switched to Macs years ago because they thought they could do just that are finding out the hard way that malware exists on Mac OS, and phishing/stealing login information can happen on ANY computing platform.

You wouldn’t send your friends into an unknown city and tell them to go walking down the back alleys in the middle of the night.  The same is true with the Internet.  You want to empower your employees with information so they can be informed while browsing the web.  Make sure you view our additional articles in our blog that discuss other Facebook threats, ESET, Malwarebytes and NoScript.

New Facebook Settings You Should Enable

Facebook has added new privacy options that we recommend enabling.  The first is a feature called Profile Review.  This lets users preview posts other users tag them in.  Since rogue Facebook applications can tag users in posts, this is a great way to prevent bogus posts from spreading.  The second option is called Tag Review.  Follow the instructions below to ensure both are enabled.

To enable Profile Review, click Account > Privacy Settings:

Step 1: Account > Privacy Settings

Click the Edit Settings link to the right of How Tags Work:

Step 2: Edit Settings

Your Profile Review option will show as Off.  Click it to turn this option On:

Step 3: Edit Profile Review settings

Now click the Turn On Profile Review button:

Step 4: Turn on Profile Review

When you’re finished, you should see that Profile Review is now On:

Step 5: Verify Profile Review is on

Your Tag Review option just under Profile Review should now be on as well.  This lets you review any tags a friend might add to your posts, such as pictures you have uploaded.

Give your Facebook posts some TLC!

When you’re sharing a link via Facebook, Facebook does a really good job of collecting information about the website/link you are about to share.

Facebook is usually able to find pictures and information about the page you’re about to share.  This can be exactly what you were looking for – e.g. the title of the article – or it could end up being not quite what you were looking to share.

For example, here’s what Facebook finds when we attach the following blog post of ours -> http://thecomputerpeeps.com/tcpblog/?p=1464:

Sample Peeps Blog Post

Not bad!  Facebook found our official page Title, our site’s Meta Description and even our logo.  But I don’t want it to just show our website and the standard-issue stuff.  I took the time to write up a nifty blog article, with plenty of cute pictures and quippy remarks.  Notice when I hover over the title – i.e. Help & support for consignment software – that it turns yellow…

Edit Facebook Post

I want the title to reflect the name of my handy-dandy article, so in this case, I want it to show “Spiders, oh my!”

Edit Facebook Title

I’d like my Facebook post to show a little snippet from my blog post, not just the default website description.  When I hover over the page description, it turns yellow as well:

Edit Facebook Description

I can then type (or copy/paste) the text I want to see:

Edit Description

My favorite is the thumbnail.  This lets us select from the images Facebook was able to detect.  In our example, Facebook found 3 possible images it can use as the thumbnail.  I can use the little left/right arrows to select the thumbnail I want, in this case, my spider:

Facebook Choose Thumbnail

That might look like a lot of editing, but it’s really not.  It only takes a few seconds to copy/paste.  I just wanted to have the steps broken down so you could clearly see each of the components in a Facebook post and how you can customize it.  The right title, description and image can help set your post apart from the “noise” out there in the Facebook Feed.

Don’t be afraid to say something extra too!  That’s what the Say something about this link… box is for…

Say something about this link...

In my experience, the worst thing you can do is share an “ugly” URL or an article that doesn’t properly format when you attach it to a Facebook post.  Since you’re using Facebook for your business, take the extra 30 seconds to spruce up your post before you push it out the door.

[Warning] Virus via Fake Justin Bieber Facebook Post

The Biebs.  The Biebs.  We all love her.  This latest social engineering attack comes by way of Justin Bieber and a “video that ends his career for good.”  I guess these sorts of links are irresistible too.  It’s the guys clicking this one!  😀

Fake Justin Bieber Post

We’re all adults, so I’m not going to blur out the middle finger.  😀  Ok, so I have to give *them* some credit on this one.  In Facebook posts, they always show the domain name – e.g. in this case, linkedin.com.  If you hover your cursor above the link though, it reveals the following:

LinkedIn Redirect URL

The LinkedIn domain name is completely legitimate!  There’s actually a *flaw* of sorts in LinkedIn’s code.  The redirect?url= variable accepts any URL, as long as it begins with www.  So I’m able to enter http://www.linkedin.com/redirect?url=www.thecomputerpeeps.com and it will take you to our website.
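The redirect problem described above, as an added example that is not LinkedIn’s code: weak_redirect_ok models the “anything beginning with www” check the post describes, and hardened_redirect_ok is the allow-list check a redirect endpoint should use instead. The ALLOWED_HOSTS list and the function names are assumptions made for this example.

```python
from urllib.parse import parse_qs, urlparse

# Hosts the redirect endpoint may send users to (constructed for this example).
ALLOWED_HOSTS = {"www.linkedin.com", "linkedin.com"}


def weak_redirect_ok(target):
    """Models the check the post describes: any target that begins with 'www'
    passes, so 'www.thecomputerpeeps.com' is accepted like an internal page."""
    return target.startswith("www")


def hardened_redirect_ok(target):
    """Accept only a relative path on this site, or an absolute http(s) URL
    whose host is on the allow-list. Everything else is refused."""
    # Relative path: a single leading slash only; '//other.example' is a
    # protocol-relative URL and would leave the site.
    if target.startswith("/") and not target.startswith("//"):
        return True
    parsed = urlparse(target)
    # A bare 'www.example.com' parses with no scheme and no netloc: untrusted.
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        return False
    # .hostname strips any 'user@' prefix, so 'allowed.host@other.example'
    # is judged by the real host, other.example.
    host = (parsed.hostname or "").lower()
    return host in ALLOWED_HOSTS


def redirect_target_from_link(link):
    """Extract the 'url' query parameter from a link such as the one in the post:
    http://www.linkedin.com/redirect?url=www.thecomputerpeeps.com"""
    return parse_qs(urlparse(link).query).get("url", [""])[0]
```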

Someone noticed this and realized, “hey, Facebook only shows the domain name.”  They take you off to their site, launch a screenshot of a Justin Bieber video, re-post to your Facebook wall and write a virus to your hard disk…

Fake Justin Bieber Video

Well, since LinkedIn is a legit site, Facebook is going to let it slide.  Yikes!  So really, this issue begins with LinkedIn’s system.

When you see this post, mark it as SPAM…

Report scam Facebook posts as SPAM

Not even a week from our Social Media Frenzy workshop in Dallas and we see a new, smarter malware post.  I was discussing this with Kate Holmes, and a good way to explain this is to equate it to the flu shot.  Without people poking around and finding all of these flaws, systems would remain insecure and vulnerable to attack.

If you or anyone you know clicked on that link out there in the Facebook Feed, your system is infected (if it didn’t pop-up a quarantine notification right away).  You know the drill -> http://mycp.biz/thecomputerpeeps_eset.

Don’t forget to read our other posts that show other types of Facebook social engineering attacks.

[Warning] ANOTHER Bogus Facebook Link

This one just popped-up in the Feed a few minutes ago.  Its title is “Yeahh!! It happens on Live Television!”  Ironically enough, it’s women that are clicking on this post too, not men.  😀

Fake video post on Facebook

This one redirects you to a fake Facebook page…

Fake Facebook Page

It then asks you to “Click Jaa twice to confirm”…

"Click Jaa twice" - Are you kidding me? 😀

I mean, you should’ve already been able to tell this was a bogus post right away.  The website weebly[.]com lets anyone create a website, so someone signed up for videovideo1[.]weebly[.]com.  It’s just like anyone can sign up at BlogSpot or WordPress.  Asking people to click ‘Jaa’ not once, but twice – are you joking?  Is that some form of new security measure – click twice?  Sadly enough, it works for X amount of people.

You know the story…install Firefox, install NoScript, use ESET Nod32 Antivirus, blah, blah, blah.  😀

I must sound like a broken record!

========================================================================

UPDATE 6/23/2011

It looks like they’ve moved their crappy little pages over to a different site.  The same scam post from yesterday is showing up with a new URL…

Bogus Facebook Link

Same virus as yesterday, same bogus picture, just a new URL and a new title.

[Warning] Latest Facebook Malware Link – “r0ller c0aster”

Shocker.  The ‘0rgasm’ post on Facebook leads to a virus (Trojan).  Funny enough, it hasn’t been men that have been clicking on the link in the feed.  🙂

Here’s what the latest scam/virus/fake link looks like…

Facebook malware virus trojan scam social engineering

They’re trying to circumvent Facebook’s detection algorithm by tossing in zeros (0) for the O’s…

Trying to trick Facebook's algorithms

I don’t really feel too bad for those who clicked this (come on, isn’t this one just obvious?), but we still have to bring it to everyone’s attention.  The very nature of Facebook’s “social proof” feedback leads to people almost unconsciously clicking random links in the Facebook feed.  “Oh, I bet this is funny, it can’t be too bad.”  All it takes is one click and your system is infected.

Well, this one is a Javascript loader that pushes a Trojan onto your PC…

ESET Nod32 Blocks Javascript Loader Trojan

If you clicked the ‘r0ller c0aster’ link in the Facebook Feed and you didn’t see a notification from your antivirus software instantly, then you are infected, 100%, no doubt.  You should be running ESET Nod32.  What if an employee clicked on that link while at your store?  Your consignment software would be rendered useless until the infection was removed.  How many minutes can you go without your systems?  How many hours?  What if your backups stopped working two days ago, but you didn’t know?  Now your systems are down and you might’ve lost the last few days’ worth of data.  See how quickly one little *click* could turn into a disaster?

The interesting thing is, ESET’s database knew about this threat and Facebook didn’t.  Now, Facebook isn’t security software (not primarily), but it does perform security tasks.  They do parse new posts for known-bad URLs and will either toss up a CAPTCHA or, if it’s a known threat (according to Facebook, that is), block the post altogether.  Maybe Facebook could/will eventually get to the point where they utilize a global threat database.
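As an added example of the kind of post screening the previous paragraph describes (not Facebook’s or ESET’s code): it flags the tells the posts above call out, which are shortened links, throwaway hosting domains, redirect parameters on an otherwise legitimate domain, bait openers like “omg”, and the “r0ller c0aster” zero-for-O substitution. The indicator lists, sample posts and function names are constructed for this example.

```python
import re
from urllib.parse import parse_qs, urlparse

# Tells collected from the scam posts above. These lists are constructed for
# this example and deliberately short; a real deployment would feed them from
# a threat database rather than hard-code them.
SHORTENERS = {"bit.ly", "bitly.com"}
FREE_HOSTING = {"pastehtml.com", "weebly.com", "blogspot.com", "wordpress.com"}
REDIRECT_PARAMS = {"url", "redirect", "redir", "goto", "next"}
BAIT_OPENERS = ("omg", "yeahh", "see who")


def digit_substituted_words(text):
    """Words that mix letters with a 0, the 'r0ller c0aster' trick used to slip
    past keyword filters. Pure numbers such as '2011' are ignored."""
    return [w for w in re.findall(r"\b[A-Za-z]*0[A-Za-z0-9]*\b", text)
            if re.search(r"[A-Za-z]", w)]


def host_matches(host, domains):
    """True if host is one of the domains or a subdomain of one, so that
    videovideo1.weebly.com matches weebly.com."""
    return any(host == d or host.endswith("." + d) for d in domains)


def screen_post(text, link):
    """Return the set of warning tags raised by a post (its text plus the
    attached link). An empty set means none of the tells above were seen;
    it is not a clean bill of health."""
    tags = set()
    parsed = urlparse(link)
    host = (parsed.hostname or "").lower()
    if host_matches(host, SHORTENERS):
        tags.add("shortener")         # real destination hidden behind bit.ly
    if host_matches(host, FREE_HOSTING):
        tags.add("free_hosting")      # anyone can register a page there
    if REDIRECT_PARAMS & set(parse_qs(parsed.query)):
        tags.add("redirect_param")    # trusted domain shown, link bounces away
    if text.lower().lstrip().startswith(BAIT_OPENERS):
        tags.add("bait_opener")
    if digit_substituted_words(text):
        tags.add("digit_substitution")
    return tags
```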

This is one of the topics we’ll be discussing this Saturday at the 2011 NARTS Conference in Dallas, TX.  There is no silver bullet.  Sure, this is technology and security programs exist, but social engineering and people trying to scam you isn’t unique to technology.  We’ll continue to show the types of posts used to dupe you into installing malware.  Just stop and look at the URL before you click.  Make sure it’s a trusted URL.  And no matter what, just start using ESET Nod32, please?  How many times are you going to see someone get infected or you yourself, end up with an infected system?

[Warning] Another Facebook Scam

This one seems to come and go, but I’ve seen a handful of people click this latest Facebook scam link.  This one is called This Guy Took A Picture Of His Face Every Day For 8 Years.  Here’s a screen shot of the bogus post:

Fake Facebook Post

This link takes you to a *questionable* URL – pastehtml dot com.  I am intentionally not including a direct-link there and please do not try to visit that URL.

Ok, here are some pointers on how to spot a bogus post on Facebook.  Let’s take a closer look at the actual post.  Notice the actual URL/website is visible right there on the post, before you even click anything?

Read before you click!

Right off the bat, I see pastehtml . com and I realize that is clearly a shady URL.  Does that seem like a legit website to you?  Is ‘pastehtml’ a company you do business with, a news organization, etc?  That is how this stuff “slips by” people – clicking without reading.  When you see a post like this, you should mark it as spam.  This will help Facebook to prevent this sort of post in the future.

Facebook Post - "Mark as Spam"

This fake link will install malware on your system, so if you’ve clicked a post like this on Facebook or if you’ve seen friends/family members that have, it’s time to scan your system.  Your security program would pop-up right away, detecting this malware; if it didn’t, your security software isn’t good enough.  Also make sure you switch to Firefox so you can start using NoScript to block malicious scripts from running in the first place.

Just please stop clicking these bogus links though!  Let us know if you have any questions and don’t forget to come see us at the NARTS Conference 2011!!!  We’ll be going over topics just like this in our Online Safety class!  More info on the NARTS website.  -> http://mycp.biz/narts2011 <-

Yeah, cute pic of a puppy? It’s a virus…

Here’s another one.  Puppies ARE cute!  Another bogus link that entices people to click it.  I mean, that is a really cute puppy!  Facebook is a great resource for businesses.  That being said, it can be a breeding ground for viruses.

Facebook is social by its very nature.  Information is shared quickly, which is good and bad.  In this case, one <click> leads to a virus post sitting out there in a feed.  Then someone else sees it and goes, “Oh, well if Bill liked it, it MUST be good! <click>

Wham, that’s when you get hit with a virus or Trojan.  Most people aren’t running ESET NOD32 though.  With ESET, it’s at least going to catch the Trojan that was downloaded to your hard drive.  It’s better just to not click links like that to begin with.  Why tempt fate?

A virus can bring down your entire business in a matter of seconds.  Once a virus (or in this case, a Trojan Downloader) is installed, your system is no longer in your control.  Networking can be rendered useless, preventing your computers from talking to one another.  Software won’t run, meaning your consignment software is dead in the water.

The extent of damage a virus can do is vast.  The damage can be so bad that at the end of the day, it’s simply not worth it to try and fix up the rest of the damage.  It ends up being quicker and more cost-effective to backup your data, erase the hard drive and reinstall Windows.  That’s not exactly fun either, so while it’s possible to recover, it comes at a cost.

It’s really easy to avoid all of this.  Here’s the checklist:

  • Use ESET Nod32 Antivirus, period.
  • Install Firefox 4 and the NoScript Add-on
  • Talk to your employees and co-workers about these silly, fake scams that float through Facebook – awareness is everything!

If you clicked on the puppy and didn’t get a prompt from your antivirus software that the threat was blocked, chances are you are infected.  I’m not saying you shouldn’t use Facebook – no need to throw the baby out with the bathwater.  I am trying to encourage and spread awareness.  We use awareness in our everyday lives to avoid pyramid schemes and sales tactics.  Let’s bring that same power to the virtual world.

Sure it’s just 0s and 1s, but this virtual stuff can end up costing you real money.

Facebook Social Engineering – You’re Getting “Had”

People, please keep an eye on what you click.  There are more and more scam links floating around on Facebook these days.  Consignment stores, if you’re using Facebook for your business, you need to make sure you know about this sort of stuff.  Especially if you have employees that access your Business page to post images, etc.  Here’s an example of one of the latest scams…

OMG - Fake Facebook Link

Chances are, if the post/link starts out with “OMG,” you might not want to click it.  Just sayin’.  If you’ve already clicked on the Facebook scam link from your Feed, go and delete the post right away.  Also, make sure your system is not infected as many of these links download Trojans and malware to your hard drive.  Lastly, since many of these links attempt to “phish” your username and password from you, it might not be a bad idea to change your Facebook password right away.

We’re doing our best to help as many consignment stores as possible.  Facebook and Twitter have their benefits, but you should know what’s out there before you or your employees run into one of these scams.

Bogus Facebook App – “See Your Future”

There’s a new – and bogus – Facebook App floating through the Feed.  It claims to let you “See what your face will look like in 20 years!”  Here’s what it looks like within the Facebook Feed…

Bogus Facebook App

Here are the first things that tipped me off:

  • It starts out with “omg”
  • The link is actually masked using the bit.ly URL shortening service.  While bit.ly isn’t bad (it’s actually a fantastic service!), combined with the “omg” and the following, it doesn’t look good.

The app wants complete access to your contacts, Facebook Pages (e.g. your Business page), to post to your Wall and, here’s the doozy, it wants access to Facebook Chat…

Facebook App Permissions

If you installed this app (or if you think you did), you should remove it right away.  In Facebook, head to Account > Privacy Settings > Apps and Websites > Edit Your Settings.  Click Remove unwanted or spammy apps:

Remove Unwanted or Spammy Apps

Find the See Your Future app and click the X to the right of it…

Uninstall Facebook App

This is also a good opportunity to inspect the rest of the apps you have installed.  See which ones you really need.  If you don’t need it, uninstall it.  Really the only apps you would need would be obvious – e.g. HootSuite, Twitter, etc.

If you have any questions, feel free to comment below!
