🧝‍♀️

🌊

Check & Secure: Social Engineering – Using Human Nature for Facebook Attacks

March 26, 2014 Thomas George

People have an inherent weakness. With increasing frequency, online criminals use this weakness to spread malware through the installation of harmful software. Of course, it is not presented to people as malware. It is disguised, sometimes as software required to play a sensational video, other times as a “vitally important” browser update for Google Chrome or Mozilla Firefox, and sometimes even as a “Crack”, a program used to unlock illegally downloaded games or other software.

Old favourites remain popular: spam messages shared through status updates on Facebook, often linking to tempting videos of car accidents, scandals in popular TV shows, nip slips and spectacular sporting events.

Fake Video Downloader

The videos have one thing in common: they exist, but are not available through Facebook’s built-in video player. Clicking on the video leads the curious user to a site outside of the social network, where they are informed that they require an update to their video player to see the clip.

The downloaded files include harmful software, which is not only successfully downloaded but also completely installed by the users themselves.

The criminals’ work is a question of thinking up “campaigns”, built around current affairs and news events. How do the spam messages get onto the Facebook timelines of the victims? In almost every case, this functions through social engineering or, in other words, the games that fraudsters play with the weaknesses of human nature. In a lot of cases, the spam campaign begins with a Facebook message to the potential victim, sent from the hacked account of one of their friends. The message’s content: you’ve been tagged in a photo. Clicking on the link requires the installation of a new browser plugin.

This extension could contain a trojan that saves information in your browser, such as your Facebook email and password, allowing criminals to hack into an account and send messages to the victim’s friends. And so the cycle continues.

How do I protect myself?

Stick to the general rule: Stop. Think. Connect. Become a fan of Stop.Think.Connect, a useful source of news on social media scams.

Use a professional anti-virus system. Make sure that the background checker is active and that the software is kept up to date. The following rule applies: The shorter the time between updates, the higher the level of protection.

Inform the powers-that-be at Facebook if your profile, or a profile belonging to a friend, appears to be abused.

Protect others by registering harmful sites on recognised blacklists.

Thomas George

Thomas George is Check & Secure's security expert for all matters in the United Kingdom and USA. He comes from years of experience in the blogging and social media communities. Thomas has been writing for Check & Secure since the very beginning, and likes to write about the following themes: Malware, Phishing, Social Engineering and Data Protection.

--

🧝‍♀️

There was a link to a guide for avoiding phishing schemes, but it wouldn't load.
