By Vic Hargrave
Facebook accounts have become the targets of increasing amounts of spam in the last week since the company announced improved security features designed to protect their users from social engineering attacks.
According to an article by CNET writer Elinor Mills, spammers are working overtime to get access to your accounts and personal information in what amounts to a Facebook spammers “arms race.”
What These Attacks Look Like
One attack mentioned by Mills appears to be a Facebook announcement that claims the company supports a “Dislike” feature that you can enable for your account by clicking on a button, as shown below:
This is a powerful ruse because many people would love to have this feature to criticize a Facebook account they don’t like. Facebook will never implement it though, because it encourages bullying and other sorts of anti-social network behavior.
At any rate, clicking on the “Enable Dislike Button” link leads to this message being posted to your profile, thereby forwarding it to all your friends. It also takes you to a website where you are instructed to enter JavaScript in your web browser address bar. Using JavaScript in this manner is never a good idea, particularly when a website you know nothing about urges you to do it.
Another attack has been reported that is very much like this one. Users get a message, “why are you tagged in this video,” that includes a link that looks like it’s for YouTube. If you click on this link, however, you are taken to a site that also instructs you to enter JavaScript code in your browser.
Last week, I received a message from a Facebook friend that looked like the following:
This scam has been reported recently on security blogs. Be advised that there is no feature out there to see who is stalking your profile on Facebook.
What You Can Do About It
The power of these attacks is their ability to get you to do things out of blind trust. So the best defense against them is to be skeptical. If you receive a Facebook message that seems suspicious, it probably is, and you should not follow any links it might include. Either ignore it or, better yet, let your friends on Facebook know about it. But do this with a message you write yourself, and don’t forward the original bogus message; otherwise you’ll be doing the malware’s bidding.
Staying informed about what is going on in your social networking world is also very helpful in evaluating the validity of any suspicious message you may receive. Check back with Fearless Web and other Trend Micro security blogs such as the Malware Blog. CNET’s InSecurity Complex by Elinor Mills is another good source of security information.
Facebook also provides information on their Help Center on what to do about abuse of their service.
Last but not least, use security software like Trend Micro Maximum Security, which provides the capabilities to find and block links to malicious websites. Also, if you need help monitoring and protecting your kids online, check out Trend Micro Family for Kids.