How to beat 22 Web security threats
- — 06 May, 2009 13:37
18-22. Five common Facebook scams
Email is still the most spam-infested medium, but social-network cybercrime is growing at a faster rate. Indeed, more than 20,000 pieces of malware attacked social-networking sites in 2008, according to Kaspersky's estimates.
1: THE NIGERIAN 419
This February, Jack Straw's Hotmail account was hacked, and emails were sent out to people in his contacts list. These claimed he'd lost his wallet while on government business in Africa, and needed to borrow £200 to help him out.
This principle has been used for years to dupe victims into handing over cash to complete strangers in foreign lands on the promise of large fortunes in return. It's known as the Nigerian 419 scam. Now a version of the con has shown up on Facebook.
"Scammers figured out that even though social networks don't have direct access to money, they have access to information that gives you a good shot at getting someone else's money," explains Vicente Silveira of VeriSign.
Before you send cash to a pal who seems to be in trouble, try to contact him or her outside of the social network, using phone or external email. If that's not possible, ask an extremely personal question that a hacker couldn't possibly work out from information within the profile.
2: ROGUE WIDGETS
Facebook is famous for its third-party applications. Sometimes, however, these ‘widgets' turn rogue and pursue a single mission: stealing your data.
The first rogue widget was called Secret Crush - and it had anything but sweet intentions. Supposed to help you find your virtual admirers, it instead installed spyware on your PC. It encouraged you to spread the love by getting other friends onboard. "The widget manipulated humans to pass it along on their own," says Guillaume Lovet, senior manager of the threat response team at Fortinet.
The original Secret Crush has since been crippled, but the potential for similar threats remains. Security experts recently uncovered an application called Error Check System that was misusing profile details and may have been stealing data.
You need to be cautious when installing third-party applications. "When you agree to install one, whether it's malicious or not, you're granting its author access to all the information in your profile," Lovet says. So you should make sure you know what the app's creator will do with this data.
3: THE KOOBFACE VIRUS
Koobface (an anagram of Facebook) is a virus that sends messages to your friends, directing them to a ‘hilarious video' or some ‘scandalous photos' of a mutual friend. Victims quickly find that there's little to laugh about.
The link goes to a web page with a fake Adobe Flash update that needs to be downloaded. Needless to say, that download is malware.
Antivirus software can help keep you safe, but common sense can also go a long way. Be wary of direct links in messages or postings and, if in doubt, type in the web address for the software maker's site to see what they have to say on the matter.