Five Threats on Facebook: What you need to know to protect yourself - Part 2

By Shan Balasuriya Posted Date: 2013-10-09

Last week on our blog we discussed two of the five malicious threats that Facebook users are prone to. We outlined the 'Koobface' & 'Palevo' worms as well as the 'Zeus' trojan, and how you can protect yourself from them. Today's blog post covers the details of the other malicious attacks.


3. Clickjacking, also known as 'Likejacking':

This is another type of social engineering attack. It tricks users into clicking on seemingly normal parts of a Facebook post and its functionality, which results in a mass spread of the malicious script. When a user ‘likes’ certain media or posts, they can be shared with the user's friends: people see posts liked by their friends on the newsfeed and tend to click on them themselves. These ‘likejacking’ scripts use the like feature to spread the malicious content.

The majority of ‘likejacking’ scams follow the same structure:

  • Use an interesting and alluring title about some fake article or media post to capture interest
  • Wait for users to like the article
  • Re-post itself on the newsfeed
  • Keep repeating this format

Although this process isn’t always directly harmful, it can be annoying and can also lead to spammy websites, which in turn can result in viruses and loss of sensitive information. These attacks rely on exploiting people's inquisitiveness by using enticing titles like “See what happens to this man after he takes on the police” or something about a trending newsworthy event. They also exploit trust, as the links may be disguised as posts from your friends.

Safeguarding yourself from ‘Likejacking’:
Keep an eye out and avoid clicking on articles whose titles are too ludicrous to be true. Don’t like everything; use caution when clicking, liking or sharing posts, and be doubtful of any free offers that seem out of place.


4. The Facebook Black scam & browser extensions:

Some time ago there was a very popular scam spreading on Facebook that promised users a different look for Facebook. It lured users into a malicious installation with the prospect of a Facebook appearance different from the norm: one that uses a black theme. The promise that ‘Facebook Black’ would make your homepage look ‘cooler’ and different resulted in a quick spread of this threat.
When installed, the files lead to a flood of annoying pop-ups and surveys on your computer. In addition to the bothersome surveys, the malware also sets up a promotional page on your Facebook account to fool your friends into clicking on the same link.

Protecting yourself: 
Always do research before downloading and installing any add-on software that ‘modifies your Facebook experience’, since most of the time these are harmful scripts disguised as useful software. Often these malicious bits of code are integrated with a browser extension (like a Google Chrome add-on). If you’re ever infected by one of these, make sure you thoroughly scan your system and remove the files immediately.


5. Who Looked at your profile?

Facebook users are generally very curious. Facebook is a social networking site, so it is used as a form of communication and social definition. Because Facebook users are mostly curious, inquisitive people, there has always been a desire to know who has been looking at your profile and your pictures. Even though Facebook has never made this information available to its users, you still see plenty of shared groups, links and even apps that claim to show it. This is a result of the large number of scammers willing to exploit this desire.

In addition to the regular misleading posts and links, these scammers have even resorted to advertisements for fake apps that claim to show you who has been looking at your profile. Usually these links lead to the installation of a third-party Facebook app or a browser extension. When installed, these grant hackers the ability to access and control your system, as well as let them obtain sensitive personal information.

Protecting yourself: 
It is important to take precautions and, as before, be very careful about which links you click, as well as which applications you install. It is a good idea to regularly check the apps you use on Facebook and remove the ones that you don’t trust or rarely use.

Conclusion:
As you can see, there are many forms of online malicious threats that exploit the large number of vulnerabilities on Facebook. It is very important to take special care when using Facebook so you do not open yourself to these attacks; a lot of these threats require the user to directly initiate the malicious attack. If special care is taken and due diligence is given to decisions made online (especially with what we click and who we trust), you can prevent yourself from being a victim of these socially engineered cyber-attacks.