Facebook now has over 500 million registered users, which makes this social network (like many other social networks) a very attractive “fishing pool” for attackers. There are so many potential victims that could easily fall for any of the scattered bait. So, it does not come as a surprise that we see another scam campaign launched nearly every week.
Currently, one of the ongoing scams is referring to a guy that apparently took revenge on his ex-girlfriend. The enticing message that has appeared on many profile pages is similar to the following:
“OMG This GUY Went A Little To Far WITH His Revenge On His EX Girlfriend”
Even though it might appear that one of your friends has shared this link, he or she most likely did not do it knowingly. This is because whenever someone follows one of these malicious links, he or she ends up at an intermediate site on Facebook that will then load an “iframe” from a remote site. In this particular case, the remote site hosted four more scams targeting Facebook, each with different themes. The iframe loads an Uncle Sam image from a free image-hosting site and then asks the user to click on some part of the image. However, what the user doesn’t see is that the attacker has also loaded a Facebook site, but has modified it to be invisible. The hidden page that is loaded is the Facebook “Like button” page, which is conveniently placed under the mouse pointer of the user. Hence, when the user clicks on the colored bars of the image, he or she is actually clicking on the invisible Like button and consequently shares the attacker’s link with all of his or her friends on Facebook. (The same trick is attempted with an invisible “Share” button.)
This is a typical “click jacking” attack that we have already talked about in an earlier blog article. Unfortunately, this type of attack still works, as the growing number of victims proves.
Once a user has “liked” the scam page, the attackers are free to send update messages to their unwitting admirer. Even worse is that this enables the scam to spread like wildfire on the social network—for instance, in the time it has taken me to write this blog post another thousand users (and counting) have clicked the disguised Like button.
At this point, the suffering for the user is far from being over. The initial hope was to read the thrilling story of the guy and his ex-girlfriend, but before that happens the user is forced to visit some advertisements site, supposedly as part of a verification process. Of course, the verification process is more than likely just a ruse to direct users to the advertisers’ site. At the end of the tunnel—after opening multiple sites and subscribing to different premium services—the user is presented with an outdated news story that is not as fascinating as had been promised. However, since many people have a curious nature, more and more of them will click on the link and follow the instructions in the hopes of finding some entertainment or an interesting story.
Always be wary of enticing messages, even when they appear on friends’ profiles. When you are asked to install additional applications or fill out premium surveys just to see a video or picture, it is most likely a scam and it should be fully ignored.
This is just one example of the weekly scams we see attacking social networks. You can see another example in this video:
We will be doing a small series of blogs and will post a few articles over the coming weeks on the different threats that we encounter in social networks. If you want to learn more about the dangers that await you in social networks, then please check out my whitepaper entitled The Risks of Social Networking.