According to the consumer fraud reporting research on internet scams, scam complaints and reports increased by more than 30% from 2008 to 2009 alone. More disturbing yet is the fact that more than 65% of these scams originated from theUS, followed closely byUK at 10.5% andNigeria at 7.5%.
A line from a recent movie goes “the most persistent virus is an idea. Once in, it is almost impossible to eradicate. It is so powerful. that it can change the world…”
Well an army of ‘ideas’ is indeed spreading like wildfire on Facebook and more often than not, they are scams. Like real life viruses, these scams spread from network to network through friends and acquaintances that fall for them. So if you notice your friends or even your own Facebook account posting weird links to web pages promising a hilarious, shocking or scandalous video, freebies like an iPad, free Facebook credits or a Subway gift card, chances are your friend’s account or your own account has already been infected.
Here are some of the Most Common Facebook Scams!
Phishing / Identity Theft
This type of scam hijacks your Facebook account by luring you to a webpage having a fake Facebook log-in page or malware that installs a keylogger [a malicious program capable of searching for usernames and passwords in your PC]. Upon gaining control of your account, the scammer will then contact your friends and attempt to scam them by pretending that you’re in trouble and you need some money or by posting messages and links that will compromise their accounts in turn.
Malware / Spyware Infested Links
A scam that also lures Facebook users into clicking on a link or pasting a code on their browsers that would activate a download of malicious programs such as worms, viruses, Trojans, keyloggers, etc into their computer. These malicious programs could then be used to collect personal data, hijack online accounts [bank, PayPal, email, Facebook], send malware infested links to email and social media contacts, control user’s computer to perform click fraud or ‘cyberwar’/DDoS, etc.
Click/Like Jacking
Yet another Facebook scam that at the surface seems relatively harmless. This type of scam involves luring Facebook users into clicking on a link that accompanies a message that friends have ‘liked’. The link would then take a Facebook user to a page where they will be asked to perform an action such as clicking on a button that says the user is over 18. This action, in turn would activate a code that would automatically post a message that you have also ‘liked’ that subject on your wall and thus spreading the scam to your network.
While such action appears relatively harmless, Sophos technology consultant Graham Cluley warns that this could be adapted as a method of delivering malware through social media networks like Facebook.
Subscription
A scam that lures users to unknowingly subscribe to a service that will automatically charge their mobile phone accounts or credit cards. This is usually accomplished by taking Facebook users to a page that requires them to perform a series of actions that culminates into the user giving his or her mobile phone number of credit card number.
419 Advanced Fee Scams / Romance Scams
This type of scam involves convincing Facebook users to send money in order to collect a lottery prize, to buy a non existent product, to become a part of a get rich quick or residual income scheme, or even to help a Facebook ‘Friend’ or ‘Lover’ in distress.
How to Identify a Facebook Scam?
Facebook scams may appear in different forms but there are a number of things they have in common that should help you identify possible Facebook Scams:
1. Paste a Code in your Browser: Anything in Facebook that prompts or lures you into pasting a code / URL into your browser is a sure sign of a scam. This is because pasting such code in your browser will automatically run a javacript command [which is against Facebook Policies as it could contain malicious codes] on your account or direct you to a malware infested page.
2. Upgrade your Flash Player or Download a Program: Similarly, clicking on any link in Facebook that prompts you to upgrade your flash player or download a program is also a clear indication of a scam in progress. Just like in the previous example, performing this action will download a host of viruses, malware and other malicious programs in your computer.
3. Post Links to Other Pages and Invite your Friends: Anything in Facebook that requires you to perform this action before you can claim a prize, view a video, join a group, or anything else that you want to do is a big red scam flag. This type of action turns you into a Facebook ‘virus’ that widens the reach of the scam.
4. Fake Log In Pages: Fake Facebook log-in pages are hard to distinguish from the real one. You can spot fake Log-in pages by checking on the url address that appears on the top portion of your browser. Pop-up log in pages are also fakes. A simple way of avoiding phishing scams of to only use www.facebook.com address when logging in.
5. Requires Private / Confidential Information: Another dead giveaway to Facebook scams are applications, quizzes, polls, forms that require you to provide confidential information such as your mobile number, credit card number, or social security number before you can view your results or claim something. Such information should never be disclosed within the Facebook network. Submitting such information will lead to automatic subscriptions to mobile phone services or your credit card being used by scammers.
How Do These Scams Spread?
Having learned what the popular Facebook scams are and how to identify them, the next thing you need to know is how these scams spread.
1. Wall Posts: News Feed is the most common medium of Facebook scams. One your friend is infected, the link and message that is automatically generated by the scam appears in your new feed. Clicking on the link that comes with the message will in turn, infect your account and post the scam message and malicious link on the news feeds of your friends.
2. Chat/Private Messaging: these scam messages and links could also spread through chat and private messaging. Moreover, some of the recent 419 advance fee scams and identity scams make use of the chat and private messaging feature of Facebook to solicit money from the victim’s friends.
3. Groups and Pages: Scams also spread through viral groups and pages which promise something in return for you inviting your friends to also join the group. These will typically require you to invite your friends first before you can join. Sometimes they will also require you to paste a code on your browser or perform a task.
Examples of groups/pages like these are the profile spy group [which promised to release a Facebook profile spy service as soon as the required minimum number of members is met], the group against Facebook charging it users fees and the Facebook free credits group. The massive following of these groups as well as the high level of interest of its members make it easy for group/page admins to spread their scams
4. Rogue Applications: Under the Facebook marketing strategy, third party applications are allowed and can pull profile information from its users. While it’s true that Facebook security teams police these 3rd party applications and shut down those that violates its policies, there are still many rouge applications that still manage to get through. An example of this is the quiz application that requires users to input their mobile phone numbers in order to view their scores.
5. Fake Events: Fake events in Facebook work much like scam groups and fanpages in the sense that they lure participants into performing a set of actions like inviting their friends and posting links on other pages. An example of this is the Get a New Facebook Theme event.
How to Protect Yourself From Facebook Scams
Given the dangers of social media as presented above, here are some practical tips on how to be safe from Facebook scams.
1. When in doubt, DON’T CLICK that LINK! This holds true for any internet activity such as using your email, surfing the net, using your instant messenger, etc. Be on the look out for weird status messages, weird private messages, emails, etc. Always ask your contact if he or she has indeed posted the link before clicking on it.
Be extra careful when you see links attached to messages designed to arouse your curiosity or greed as this is a standard operating tactic for scammers. Some examples are: hey do you know your profile pic is posted in <link>, 98% Of people FAILED this EYE TEST! Will you? <link>, 99% of people can’t watch this video more than 25 seconds” <link>, hilarious video <link>, I won a free iPad <link>, etc.
2. Keep your anti-virus/anti spyware programs updated! Just like in the real world, computer viruses, along with spyware, malware, keyloggers, worms, etc adapt to online threats. It’s a never ending virtual arms race between antivirus programmers and virus makers and the only thing protecting your computer and your data from new malware and viruses is your antipyware/antivirus daily update.
3. Limit Online Surfing to Trustworthy Sites: Trustworthy sites are those having a long history of good reputation and service in the internet. An online tool that will help you in determining the trustworthiness of the site is the Google Page Rank tool. Generally, the higher the page rank of a certain website, the more reputable it is. You can also use the page rank tool in determining whether a Facebook log-in page is a phishing site or not. The main log-in page of Facebook –www.facebook.com has a pagerank of 10/10. Phishing sites will have a pagerank of 0/10.
4. Optimize your Privacy /Security settings and Limit Information posted on Facebook Accounts: Make sure that your Facebook privacy settings are set to the highest level by limiting those who can view your profile info, email address, birthday, home address, pictures and updates to friends only or in some cases, by setting these to private.
Check and limit the applications settings to include only the applications you trust. [you can check how trustworthy applications are by reading the reviews on their application pages and by doing a Google search on them as well as the reputation of the companies that made them]. You can edit application settings by clicking on the appropriate drop down option under the account button. Here you can check what applications you have granted additional permissions to, applications you have authorized and those that you have added to your profile, etc. You can also view additional details on how each application uses your profile info by clicking on the edit settings button.
Limit the information you post on your profile. Don’t post sensitive information such as your home address, mobile number, home phone number, etc if you want to make sure that such info will not be used against you and your friends by scammers.
5. Change and Optimize your Facebook Password: If you have noticed your Facebook account doing weird things liked posting links on your wall without your permission or sending pms to your friends, change your Facebook password immediately after updating your antivirus programs and doing a full system scan. Use a password that cannot be easily hacked by making your password long and by utilizing numbers and special characters.
Lastly, always be on the lookout for new Facebook scams and how they work / spread by joining the Facecrooks Fanpage and by reading the scam watch section on our website [www.facecrooks.com]. Facecrooks update its members daily regarding trending Facebook scams, what they do and how you can deal with the threat. By keeping up with the new scams and by passing along the warnings / alerts to your friends, you can do a lot in keeping Facebook a scam free social network.
