
Facebook Social Engineering – You’re Getting “Had”

People, please keep an eye on what you click.  There are more and more scam links floating around on Facebook these days.  Consignment stores, if you’re using Facebook for your business, you need to make sure you know about this sort of stuff.  Especially if you have employees that access your Business page to post images, etc.  Here’s an example of one of the latest scams…

[Image: OMG - Fake Facebook Link]

Chances are, if the post/link starts out with “OMG,” you might not want to click it.  Just sayin’.  If you’ve already clicked on the Facebook scam link from your Feed, go and delete the post right away.  Also, make sure your system is not infected as many of these links download Trojans and malware to your hard drive.  Lastly, since many of these links attempt to “phish” your username and password from you, it might not be a bad idea to change your Facebook password right away.

We’re doing our best to help as many consignment stores as possible.  Facebook and Twitter have their benefits, but you should know what’s out there before you or your employees run into one of these scams.

Bogus Facebook App – “See Your Future”

There’s a new – and bogus – Facebook App floating through the Feed.  It claims to let you “See what your face will look like in 20 years!”  Here’s what it looks like within the Facebook Feed…

[Image: Bogus Facebook App]

Here are the first things that tipped me off:

  • It starts out with “omg”
  • The link is actually masked using the bit.ly URL shortening service.  While bit.ly isn’t bad (it’s actually a fantastic service!), combined with the “omg” and the following, it doesn’t look good.

The app wants complete access to your contacts, your Facebook Pages (e.g. your Business page), permission to post to your Wall and, here’s the doozy, access to Facebook Chat…

[Image: Facebook App Permissions]

If you installed this app (or if you think you did), you should remove it right away.  In Facebook, head to Account > Privacy Settings > Apps and Websites > Edit Your Settings.  Click Remove unwanted or spammy apps…

[Image: Remove Unwanted or Spammy Apps]

Find the See Your Future app and click the X to the right of it…

[Image: Uninstall Facebook App]

This is also a good opportunity to inspect the rest of the apps you have installed.  See which ones you really need.  If you don’t need it, uninstall it.  Really the only apps you would need would be obvious – e.g. HootSuite, Twitter, etc.

If you have any questions, feel free to comment below!

Latest Facebook Scam Link – “Tsunami/Whirlpool”

I just saw a new scam link floating through the Facebook feed.  One of my friends clicked it and it shared itself into his Feed…

[Image: Facebook Tsunami Scam Link]

This is a malicious link that downloads a Trojan (virus) to your hard drive.  If you’re fortunate enough to be running ESET Nod32, you won’t feel a thing.  🙂  ESET is nice enough to keep track of known-malicious URLs so when you click one, nothing happens and you get a nice little notification…

[Image: ESET Nod32 blocks malicious URLs]

For a split second, a fake video player is displayed…just before the Trojan is downloaded…

[Image: Fake Video actually downloads Trojan (virus/malware)]

A few key signs reveal this is a bogus site, before you even click it.  First, there is no Title info in the post, just a glimpse of the URL.  Typically, you’ll see additional content from a news site, blog, etc.  That’s not enough though.  It’s really the domain name itself.  If you’re looking for the latest, breaking news, chances are it isn’t going to come from a “.info” site named “japan earthquake update.”  For Pete’s sake, the domain was just created yesterday…

[Image: Domain Registration Date]
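The tip-offs from the “See Your Future” post and the signs called out above (the “OMG” opener, the bit.ly-masked link, a bare URL with no title or preview, a keyword-stuffed .info domain, a registration date of yesterday) can be turned into a quick triage check before anyone on staff clicks. This is an added example, not code from The Computer Peeps; the domain creation date is assumed to come from a separate WHOIS lookup, the one-week age cutoff and the extra shortener hosts are assumptions, and the sample posts are constructed.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional
from urllib.parse import urlparse

# bit.ly is the shortener named in the post; the others are assumed additions.
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co"}
# Breaking-news words a throwaway scam domain tends to be stuffed with (assumed).
NEWS_WORDS = ("earthquake", "tsunami", "japan", "update", "breaking")

@dataclass
class FeedPost:
    text: str                       # post body as shown in the Feed
    url: str                        # the link the post carries
    has_title: bool                 # did Facebook render a title/preview for it?
    domain_created: Optional[date]  # from a WHOIS lookup (assumed input), None if unknown

def scam_indicators(post: FeedPost, today: date) -> List[str]:
    """Return the warning signs from the post above that this Feed item trips."""
    hits = []
    if post.text.strip().lower().startswith("omg"):
        hits.append("starts with OMG")
    host = (urlparse(post.url).hostname or "").lower()
    if host in SHORTENERS:
        hits.append("link masked by a URL shortener")
    if not post.has_title:
        hits.append("no title or preview, just a bare URL")
    if host.endswith(".info") and any(w in host for w in NEWS_WORDS):
        hits.append("keyword-stuffed .info domain")
    # A domain created yesterday is the giveaway above; one week is an assumed cutoff.
    if post.domain_created is not None and (today - post.domain_created).days <= 7:
        hits.append("domain registered within the last week")
    return hits

def looks_like_scam(post: FeedPost, today: date) -> bool:
    """Two or more independent signs is reason enough not to click."""
    return len(scam_indicators(post, today)) >= 2

def demo(today: date = date(2011, 3, 15)) -> Dict[str, List[str]]:
    """Constructed sample posts modelled on the scams described above."""
    posts = {
        "tsunami": FeedPost("http://japanearthquakeupdate.info/", "http://japanearthquakeupdate.info/",
                            has_title=False, domain_created=date(2011, 3, 14)),
        "future": FeedPost("omg See what your face will look like in 20 years!",
                           "http://bit.ly/EXAMPLE", has_title=True, domain_created=None),
        "news": FeedPost("Quake update from a real newsroom", "http://www.example.com/news/",
                         has_title=True, domain_created=date(1995, 8, 14)),
    }
    return {name: scam_indicators(p, today) for name, p in posts.items()}
```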

The point is, there are a lot of bogus sites out there.  Think before you click.  Switching to a Mac isn’t going to enhance your awareness and increase your experience.  If you’re going to use Facebook, avoid links, period.  Go directly to news sites if you need legitimate news.  If you’re a consignment store and rely on your consignment software, clicking a link on Facebook could bring that to a screeching halt.  We’re trying to help consignment store owners navigate the Facebook terrain.

If you were one of the unfortunate people that did click that link, please contact The Computer Peeps immediately.  The first thing is to change your passwords, but once you have a Trojan that has infected the system, keyloggers are typically involved.  The virus/Trojan will have to be eradicated before you can even think about using the system again.

======================================================

I did some digging via DomainTools and found some handy bits of info.  First, it appears the owner of this site runs his/her own name servers…

[Image: Domain Tools - Name Server Info]

Do not visit the domain for the Name Servers above.  As of 3/15/2011, the domain is still active and if you access that URL, it attempts to run a JS exploit and then re-post the URL back to the Facebook Feed via Facebook Connect…

[Image: JS Exploit + Facebook Connect]

Ultimately, the site’s IP appears to stem from a host out of Dallas, TX…

[Image: Reverse IP / IP Info]

For what it’s worth, I’ve reported the offending domains + the malicious activity to the host.

Facebook & Twitter Spam

According to thinq UK, Facebook was recently hit by the biggest wave of spam in its history.  What is Facebook spam?  You’ve probably clicked on one of the links that show up in the Feed.  You’ve seen them before – e.g. “OMG!  Look at what this babysitter did to this baby!” or “Guy takes a pic of his face everyday for 8 years!”  It grows exponentially.  One person clicks it, another person sees their friend clicked it (it shows up in the Feed) and so on and so on.

The thing with Facebook is, it’s a Website.  It makes no difference if you’re running a Mac, Windows or Ubuntu.  You could have the best, most-expensive antivirus software – it doesn’t matter.  With Websites, it’s all about trickery and deception.

The only defense against it is user awareness and thinking before clicking.

The bad guys know the keywords you’re searching for.  Take for example the recent Charlie Sheen activity.  Users click links to what appear to be stories about Charlie Sheen.  They’re then greeted with pop-ups asking them to install a malware remover.  This is actually malware trying to trick you into letting it install itself.

Everyone should be aware that malware writers have become very adept at search engine optimization to ensure their malicious links get placed on top image results returned from Google searches.

With Facebook and Twitter, it’s so easy to quickly spread a link.  If someone isn’t paying attention or is “lured” in by a thrilling tag line, they end up getting scammed.  Just the other day, an inconspicuous link started appearing in the feed.  It was supposedly an article about how a guy took a picture of his face once per day for 8 years.  Seemingly harmless, right?  Well the link led to a fake YouTube site…

[Image: Fake YouTube]

The most important point for consumers is to not agree to download or run any software they do not intend to install on their machines — and to not be scared or intimidated into doing so.

The one that everyone seems to fall for is the, “see who’s viewing your profile” scam.  That’s just it, it’s a scam.  Here’s a great article on TechCrunch that details the scam.  These used to show-up on MySpace and now they’re all over Twitter and Facebook.

So how do you stop it?  The Computer Peeps recommend Firefox with NoScript.  This will prevent malicious JavaScript (such as the scripts launched from links in the Facebook feed) from running.

This isn’t something software can absolutely prevent.  The key is awareness.  Be aware that the bad guys know what you’re searching for.  Be aware that people spread links unintentionally.  Unless it’s a trusted news site or an authority on the topic, watch what you click.  I’m sure it would be more exciting to have some geeky way around this but honestly, it really does come down to awareness.

To recap:

  • Think before you click.  Is that enticing headline truly what it appears to be?  Is it worth clicking on to find out?
  • Know that no software can protect you from social engineering.  Much like in life, it’s all about experience and knowledge.
  • Make sure Windows is up to date and getting the security patches that come out on an almost-daily basis.
  • Make sure you’re running ESET Nod32 antivirus.
