Five Threats on Facebook: What you need to know to protect yourself -Part 1

By Shan Balasuriya Posted Date: 2013-10-01

Last week on the Web Choice Online blog we discussed some tips to maintaining a secure environment on facebook, so as to protect your sensitive personal information and ensure online safety. Today we will discuss some of the most notorious types of malicious attacks on facebook as well as how you can protect yourself from these common threats.

With the popularity of facebook increasing dramatically over the last few years, there has been an emergence of a variety of malicious attacks that are focusing specifically on people rather than technology. What this means is these threats are trying to obtain sensitive personal information and directly affect individual users rather than just the technology they use.

As popular as facebook is with users, it is also a very attractive tool for cyber-criminals who use social engineering in order to spread malicious content or earn money unethically. Social engineering is used to effectively convince people to unknowingly act in the interest of cyber-criminals. Social engineering involves disguising these attacks in ways that would convince people to trust them, like using well-known icons or interesting phrases that will be used to lure people into clicking these. Five common threats you may encounter as a facebook user have been outlined below.

  1. The Koobface & Palevo worms:
    This is one of the well-known threats on facebook, seen as a facebook message or post that tries to lure users into viewing videos with links that appear as though it came from YouTube. Koobface commonly appears on your newsfeed or friends wall, masquerading itself as a must see viral video with an attractive title. Upon clicking this link the user is prompted to download the latest version of adobe flash player – which in reality is a malicious file. When this file is installed the infected computer is turned into a bot to spread more of these links that can lead to other types of attacks. Since the infected computer will start spreading these links by making posts as you, it exploits the trust that people have amongst friends. You are less likely to suspect a link shared by your friend is something harmful to you.  In some cases the installed software will also grant the cyber-criminal remote access to your computer, thus giving them access to your most sensitive digital information.

    The Palevo worm is a variant of the Koobface worm and makes use of facebook chat and applications functionality. It spreads as chat messages from friends as well by disguising itself as a facebook application (an example of this was one link that disguised itself as a photo album application). The results of the attack are similar, the user is prompted to install an application that harms the computer as well as gathers sensitive info.

    Protecting yourself from these threats:
    The best way to avoid being a victim of these attacks is to be very careful in what you download and install from social media sites. It is also equally important to keep your anti-virus software up to date so the most recent strains (variations) of Koobface can be detected.Protecting yourself from these threats: The best way to avoid being a victim of these attacks is to be very careful in what you download and install from social media sites. It is also equally important to keep your anti-virus software up to date so the most recent strains (variations) of Koobface can be detected.


  2. The Zeus Trojan:
    As the name suggests the Zeus is a Trojan horse – a type of malicious software that hides in your computer waiting for the right moment to attack. Many users don’t realize they are infected with a Trojan until it is too late. Like the Koobface worm, Zeus also spreads the same way disguising itself as fan pages, shared posts and even in friends profiles.

    When clicked on the Zeus Trojan prompts users to install disguised malware on their computers that sits dormant on the system up until the moment you access your bank account. At this point the Trojan makes a copy of your username and password, which can then be used by cyber-criminals.

    Protecting Yourself:
    Again the same principle applies, do not click on links that appear suspicious, or subscribe and ‘like’ pages that don’t seem trustworthy. In addition to this it is also important to bookmark websites that handle your personal information (like banking sites and email providers) and never follow a link to them through a facebook page or notification email. When following a link, make sure the domain names match exactly with the trusted website domain (for example commbank.com.au can be disguised as combank.com.au, which if you didn’t know better you would think was a trustworthy link from your bank). 

The other three types of malicious attacks that can be encountered on facebook will be discussed in our next post. If you want to stay informed and learn more about security on facebook and other useful online technology news follow the Web Choice Online blog today!