Facebook woes of less careful users


Until Facebook manages to think of a way to head off various scams when they first appear, users should hone their skills of detection and teach themselves to refrain from clicking on every funny/amazing/you-won’t-believe-it video or picture linked on a friend’s wall.

Take the following example: Gary Warner, Director of Research in Computer Forensics at the University of Alabama at Birmingham, was asked to help a friend who thought that she had picked up a computer virus that had hacked and hijacked her Facebook account and was posting malicious links on it.

He took it upon himself to investigate the matter, and found that the “dieting” post points to a fake news page extolling the virtues of an Acai Berry diet, which in turn links to a sales page for the diet plan. You might think that the worst that can happen is that someone loses a few bucks if persuaded to buy the stuff, but there is also the possibility of stolen credit card credentials, since spammers and scammers are often after all they can get.

The second post serves another purpose. What seems like an innocuous link to a funny video will actually redirect you to a geo-targeted fake/phishing Facebook login page that will ask you to enter your login credentials. If you are not careful and suspicious enough, you might miss the fact that the page is not hosted on Facebook, and hand over the information to scammers who will use it to hijack your account and post links to further schemes, which is exactly what Warner suspects happened to his friend in the first place.
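The "is this page really hosted on Facebook?" check from the paragraph above can be stated precisely. The following is an added example, not part of the original article or Warner's analysis; the sample URLs are constructed, and treating `facebook.com` as the only genuine login domain is an assumption.

```javascript
// Assumption: facebook.com is the only domain accepted as a genuine login host.
const TRUSTED_DOMAINS = ["facebook.com"];

// Decide whether a login page URL is really hosted under a trusted domain.
// Returns { trusted: boolean, host: string|null, reason: string }.
function checkLoginUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG parser, the same rules a browser applies
  } catch (e) {
    return { trusted: false, host: null, reason: "not a parseable absolute URL" };
  }
  // hostname excludes any "user@" prefix and port; drop a trailing root dot.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  if (url.protocol !== "https:") {
    return { trusted: false, host, reason: "not served over HTTPS" };
  }
  // Exact match, or a true subdomain: the match must start at a dot boundary.
  const ok = TRUSTED_DOMAINS.some((d) => host === d || host.endsWith("." + d));
  return ok
    ? { trusted: true, host, reason: "host is under a trusted domain" }
    : { trusted: false, host, reason: "host is not under a trusted domain" };
}

// Constructed sample URLs showing the lookalike patterns a hurried reader misses.
const SAMPLE_URLS = [
  "https://www.facebook.com/login.php",                 // genuine
  "https://facebook.com.login-check.example/login.php", // brand used as a subdomain label
  "https://www.facebook.com@login-check.example/",      // brand placed in the userinfo part
  "https://notfacebook.com/login.php",                  // suffix match without a dot boundary
  "http://www.facebook.com/login.php",                  // right host, no TLS
  "https://f\u0430cebook.com/login.php",                // Cyrillic "а" homograph
];

function classifySamples() {
  return SAMPLE_URLS.map((u) => ({ url: u, ...checkLoginUrl(u) }));
}

for (const r of classifySamples()) {
  console.log(`${r.trusted ? "OK  " : "FAKE"} ${r.host} (${r.reason})`);
}
```

Only the first sample passes; every other one shows the word "facebook" somewhere in the address bar while the actual host belongs to someone else or the connection is unencrypted.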

When something like this happens to you, the only solution is to reset your password, then access your account and delete all the malicious posts and offending applications (if they have been added). Also, as I said before, learn to ignore your first impulses, be very careful about what you click on, and be skeptical about where that click takes you.