5 Facebook Schemes That Threaten Your Privacy
Facebook and other social networks can be easy targets. Here's how to protect yourself and your Facebook friends.
JR Raphael, PC World
Wednesday, February 25, 2009 05:00 PM PST

Beny Rubinstein knows computer security. An employee of a Seattle-area tech giant with 20 years of IT experience under his belt, Rubinstein has seen a side of the industry that most people will never know. He holds a degree in computer engineering, and--oh yeah--he just got scammed out of $1100 on Facebook.

Rubinstein's experience isn't entirely uncommon. (We'll get to the specifics in a moment.) What's striking about his story, though, is that it demonstrates how easily anyone--even a highly trained expert in computer security--can be ensnared by a seemingly simple social network trick. And all kinds of these schemes are on the loose.

More than 20,000 pieces of malware attacked social networks in 2008 alone, estimates the online-security firm Kaspersky Lab. That's no surprise, either: While e-mail is still the most spam-filled medium, researchers suspect that social network cybercrime is growing at a far faster rate.

"People are used to receiving spam and malicious messages in their e-mail, but it is much less common on Facebook," says Graham Cluley, a senior technology consultant with Sophos. "They are lulled into a false sense of security and act unsafely as a result."

You can avoid becoming one of the many who make that mistake. We've dug up the dirt on five schemes currently posing a threat on Facebook. We turned to analysts who study them as well as to users who have fallen for them, all to help spread the word about how these things work and how you can best dodge them. (Facebook representatives did not respond to our request for comment.)

Knowledge is the greatest weapon against becoming a victim. Read on, and arm yourself well.
 
Scheme #1: The Nigerian 419
It may sound like a hip new emo band (or a somewhat old e-mail scam), but the Nigerian 419 will do more than just offend your ears--it'll also empty your wallet. The moniker refers to a scam dating back decades that has recently entered the social network scene.

Back to Beny Rubinstein. A couple of months ago, Rubinstein received some alarming Facebook messages from a friend and fellow tech professional.

"[He said] he was in the UK and was robbed, and needed $600 to fly back to Seattle," Rubinstein recalls.

The messages came both in Facebook-based IMs and in e-mail. They included details such as family members' names, making the notes appear all the more authentic. It wasn't until 2 hours and $1100 later that Rubinstein realized what had happened: Someone had hijacked his buddy's account, contacted his friends, and--at their expense--made off like a bandit.

"Scammers figured out that even though social networks don't have direct access to money, they have access to information that gives you a good shot at getting someone else's money," says Vicente Silveira, a product management director at VeriSign and a personal friend of Rubinstein's.
The Protection:
Before you send cash to a pal who seems to be in trouble, try to contact him or her outside of the social network--either by phone or by external e-mail. Not feasible? Ask an extremely personal question that a hacker couldn't possibly figure out from information within the profile. We'll leave the specifics up to you.
Scheme #2: The Widget Warrior
Facebook is famous for its widgets--you know, the third-party applications that you can add onto your account. Sometimes, though, widgets turn into warriors with a single mission: stealing your data.

The first rogue widget reared its head in 2008, when researchers realized that a program called Secret Crush had anything but sweet intentions. The application, which was supposed to help you find your virtual admirers, instead installed spyware onto your computer.

Even worse, it encouraged you to spread the love by getting other friends on-board--essentially "manipulating humans to pass it along on their own," says Guillaume Lovet, senior manager of Fortinet's Threat Response Team.
 
Secret Crush has since been crippled, but the potential for similar threats still exists. Just days ago, security experts determined that an application called Error Check System was sending out misleading notification messages.

Sophos' Cluley blogged that the typical warning read: "[Name] has faces some errors when checking your profile View The Errors Message." Cluley went on to say "Of course there was nothing really wrong with the recipient's profiles..."

He also told his readers: "This is an important reminder to all Facebook users that they must exercise caution about which third-party applications they install on their profile, and everyone should remember that Facebook does not approve applications before they are made available on their site. You really are putting your trust in complete strangers when you add that next application to your Facebook profile."

A few months earlier, researchers from Greece's Institute of Computer Science uploaded a malicious app to Facebook as an experiment (PDF). The team was able to configure the widget, which posed as a "Photo of the Day" displayer, to utilize its users' Internet connections for denial-of-service attacks.
The Protection:
Use extra caution when installing third-party applications. "When you accept to install one, malicious or not, you are granting its author access to all the info in your profile," Lovet says. Make sure you know what the app's creator will do with it.
Scheme #3: The Koobface Virus
Don't be fooled by the name--there's little to laugh about when it comes to the quickly spreading Koobface virus. (The word, by the way, is an anagram of "Facebook.") Once the virus infects your PC, it starts sending messages or wall postings to your Facebook friends, directing them to a "hilarious video" or some "scandalous photos" of someone you both know.

"The link promises an enticing video, but when the user clicks, he is presented with a Web page with a fake Adobe Flash update or a fake codec that needs to be downloaded," explains Ryan Naraine, a security evangelist with Kaspersky Lab. "That download is malware."
The Protection:
Antivirus software can help keep you safe, but some common sense can also go a long way. "Be wary of any kind of direct URL in messages or postings," advises Jamz Yaneza, a threat research manager with Trend Micro. If a site asks you to download a software update, Yaneza says, click Cancel and go directly to the vendor's page to see if the update is legit.