Wednesday, November 16, 2011

Scammers and phishers on Facebook

In addition to the run-of-the-mill scams you find all over the Internet, there are several scams that target social networking sites and Facebook users. These include Gaming App scams, Vanity scams, Facebook account thieves, Malicious script scams, and Clickjackers.
Avoiding gaming scams
About gaming App scams. I don’t mean you’ll be scammed by the App companies. They’re actually as much of a victim as the Facebook users who fall for the scams. If you’re an online gamer you already know you have to be careful not to fall for gaming scams. You already see offers for “cheats” and “hacks.” A lot of these things that promise to turn you into a great gamer are really designed to steal your personal information. But there are always some good hacks and cheats. For example, something like “100% REAL WORKING MAFIA WARS HACK” is 100% fake! Download this stuff only from sites you trust. In contrast, for games like Call of Duty, the Battlefield series and many others, real hacks or cheats can be found.

Many phishing scams pretend to come from popular gaming sites. The danger isn’t using known third-party apps like Frontierville, it’s falling for phishers pretending to offer you game points or clues. The common scams offer prizes like free virtual objects. Other lures claim that your account has been suspended and provide a link for you to remedy the problem. Some of these scams will arrive on your Wall, but a lot will go directly to your email. Why? Numbers. Farmville has over 16 million players. Any spammer targeting a large email list with a phishing lure is bound to net a good number of Farmville players simply because there are so many Farmville players.

You may also see Wall postings like the previous one. Click on the link and you’ll be directed to a fake Facebook login page. If you log into the fake page, you’re giving your Facebook password directly to the scammer. How can you tell this is a phishing scam? Facebook will never direct you to the homescreen once you are logged in. This scammer also used a link shortening service for this attack. While link shortening services are very helpful because they simplify very long URLs, the downside is that you may not know where they point to until you click. Use extra caution when clicking on these short links.

So how do the phishers trick you? In this area of hacking I am not very good; I know only the basics, but I can tell you some things. Phishers try to catch you off guard and hit you with the fake Facebook login while you’re actually using Facebook. The scammer might post a status update on your Wall that includes a link to something enticing. They might do this using an account they’ve stolen from one of your Friends so they gain your trust. The message will be something that will grab your attention. It might be scandalous photos, a sneak preview of a hot upcoming film, or a weird video. When you click on the link, you’re asked to log into Facebook again. Except that you’re not on Facebook anymore. The link actually takes you to a different website, so when you re-enter your Facebook login credentials, you’re handing them over to a phisher. Unlike the insanely horrible email scams written in poor English by scammers, most of the fake Facebook login screens are pretty believable.

This fake log-in screen above is recognizable ( for ex. That’s a well-thought-out scam since most people automatically insert missing vowels while reading without even realizing it.
How do you avoid subtle scams like this one? Remember that Facebook will never contact you by sending you a Facebook message or posting a status message on your Wall. And always look carefully at both the link in the address bar and the links you click. If a link looks suspicious, don't click it. If Facebook does contact you, it will be via the regular email account that you provided when you opened your Facebook account. Also, remember that Facebook only needs you to log in once each session. If you’re asked to log in again, it’s not Facebook.
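The advice above about checking links, and the earlier caution about short links, can be turned into a small check. This is an added example, not part of the original post; `classifyLink`, the shortener list and the `.example` hosts used to exercise it are constructed for illustration.

```javascript
// Added example: triage a link before trusting a login form behind it.
const TRUSTED = ["facebook.com"]; // domains the user really logs in to
const SHORTENERS = ["bit.ly", "tinyurl.com", "goo.gl", "t.co"]; // sample list, not exhaustive

// Levenshtein edit distance, single-row version.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + cost);
      diag = up;
    }
  }
  return row[b.length];
}

// True when host is the domain itself or one of its subdomains.
const within = (host, domain) => host === domain || host.endsWith("." + domain);

function classifyLink(link) {
  let url;
  try { url = new URL(link); } catch { return "invalid"; }
  if (url.protocol !== "https:" && url.protocol !== "http:") return "not-a-web-link";
  const host = url.hostname.toLowerCase();
  if (TRUSTED.some(d => within(host, d))) return "trusted";
  if (SHORTENERS.some(d => within(host, d))) return "shortened-destination-unknown";
  // Split the host into words ("facebook.com.login.example" -> facebook, com, login, example).
  const words = host.split(/[.-]/);
  for (const domain of TRUSTED) {
    const brand = domain.split(".")[0];
    // A brand name, or a near miss of it, outside the real domain is a lookalike.
    if (words.some(w => w.includes(brand) || editDistance(w, brand) <= 2)) return "lookalike";
  }
  return "unrelated";
}
```

A "trusted" result only says the host belongs to the real domain; a shortened link has to be expanded before it can be judged at all.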

Example of a fake Facebook login; the picture is not good, but you can see:

Avoiding malicious script scam
The malicious script scam is one of the sneakier attacks being used on Facebook users. A common con using this attack method claims to allow you to see who’s been looking at your profile. This enticing scam tries to trick you into pasting text into your browser address bar.

The “unique code” shown above is the malicious script. While you’re being patient as instructed, the script is setting up your profile to spam all of your Friends.
In response to detecting these kinds of attacks, Facebook added checks to help detect scripts being pasted into the address bar. So if you do paste a script, Facebook will ask you to confirm that you really want to paste that script, and even tell you why it’s a bad idea. Pay attention to these warnings. How do you avoid the malicious script scam? Don’t paste a script into your browser address bar unless you know exactly what it does and how. Also give your Friends a heads up if you start seeing spam from them. Your Friends may be completely clueless that their Facebook accounts have been hacked. Let them know to change their passwords and how to recover a hacked account if needed. (Read on to learn how to recover a hacked account.)
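A check for script text pasted into an address bar can be sketched as follows. This is an added example, not Facebook's or any browser's actual code; `checkPaste` and its verdict strings are hypothetical names, and the sample inputs are constructed.

```javascript
// Added example: decide whether pasted text would run as a script instead of
// opening a website. Not Facebook's or any browser's real check.
const SCRIPT_SCHEMES = new Set(["javascript", "vbscript"]); // schemes that execute code
const DOCUMENT_SCHEMES = new Set(["data"]);                 // schemes that carry an inline document

// Normalise the text the way a URL parser does: drop control characters and
// spaces at both ends, then drop tabs and newlines anywhere in the text.
function normalisePaste(text) {
  return text
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
}

function checkPaste(text) {
  const cleaned = normalisePaste(text);
  // A scheme is a letter followed by letters, digits, "+", "." or "-", then ":".
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  const scheme = m ? m[1].toLowerCase() : null;
  if (scheme && SCRIPT_SCHEMES.has(scheme)) {
    return { scheme, verdict: "warn", reason: "runs as script with the current page's access" };
  }
  if (scheme && DOCUMENT_SCHEMES.has(scheme)) {
    return { scheme, verdict: "warn", reason: "opens an inline document, not a website" };
  }
  return { scheme, verdict: "ok", reason: "ordinary address or search text" };
}
```

The normalisation step matters: a plain comparison against the prefix `javascript:` misses the same text written in mixed case or with a tab or newline inside the scheme name.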

Avoiding clickjacking
Clickjacking is a technique used by attackers to trick users into clicking on links or buttons that are hidden from view. Clickjacking is possible because of a security weakness in web browsers that allows web pages to be layered and hidden from view. You think you are clicking on a standard button, like the PLAY button on an enticing video, but you are really clicking on a hidden link. Since you can’t see the clickjacker’s hidden link, you have no idea what you’re really doing. You could be downloading malware or making all your Facebook information public without realizing it. One form of clickjacking is to hide a LIKE button underneath a dummy button. That’s called Likejacking. A scammer might trick you into saying that you like a product you’ve never heard of in an underhanded bid to create viral marketing buzz. At first glance, likejacking sounds more annoying than harmful, but that’s not always true. If you’re scammed into liking Justin Bieber, the world isn’t likely to end. But you may be helping to spread spam or possibly sending Friends somewhere that contains malware.

How can you avoid being jacked? Technologically, you can minimize your risk by staying current on browser updates. The browser companies are continually adding updates to shut down vulnerabilities that allow clickjackers and other scammers to operate. If you’re using Firefox, also consider installing the NoScript add-on. Beyond that, pay attention to what you’re getting and from whom. Would a college professor really share a post about watching hidden camera videos? If a post from one of your Friends seems suspicious, don’t click on it!
A suspicious post could be a sign that your Friend’s Facebook account has been hijacked or that your Friend has been clickjacked to like or share something without knowing it.  If you know your Friends, you’ll know what those Friends really would like or share. That’s why one of your best protections against scams is not confirming Friend requests from people you don’t actually know.
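The layering that clickjacking depends on can also be refused by the site being framed, which goes a step beyond the user-side advice above. The following added example, not part of the original post, reads a response's headers and reports whether other sites may place the page inside a frame; `framingPolicy`, its result strings and the sample headers are constructed for illustration.

```javascript
// Added example: decide from a page's response headers whether another site
// is allowed to load it inside a frame (the layering clickjacking relies on).
function framingPolicy(headers) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // A CSP frame-ancestors directive, when present, takes precedence over
  // X-Frame-Options.
  const csp = h["content-security-policy"] || "";
  for (const directive of csp.split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== "frame-ancestors") continue;
    const s = sources.map(x => x.toLowerCase());
    if (s.length === 0 || (s.length === 1 && s[0] === "'none'")) return "blocked";
    if (s.includes("*")) return "frameable-by-anyone";
    if (s.every(x => x === "'self'")) return "same-origin-only";
    return "allow-listed"; // simplification: any other source list counts as a list
  }

  // Older header. ALLOW-FROM is obsolete and ignored by current browsers,
  // so it is treated here the same as having no header at all.
  const xfo = (h["x-frame-options"] || "").trim().toLowerCase();
  if (xfo === "deny") return "blocked";
  if (xfo === "sameorigin") return "same-origin-only";
  return "frameable-by-anyone";
}
```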
Important! One thing that's annoying me is posts like “share this page 77 times and you will be able to download Scary Movie 5” or “send this page to 25 friends on chat and you will get 1000 coins in Mafia Wars”. That isn't dangerous, but it is annoying. When you share some page xxx times, what will happen? NOTHING!!! It's a trick for stupid people who fall for those.
