In the past, we reported a number of Facebook scams that were spreading like wildfire. Scam messages that we reported earlier, including Girl Killed Herself After Dad Posted On Wall Scam, Marika Fruscio Spam and OMG Can’t Believe Justin Beiber Did This To A Girl Spam, are still spreading on Facebook. As Facebook scams continue to boom and spam news feeds, Websense, a web security firm, conducted an interesting study that explains how scam messages spread and how they work.
Websense conducted their study by choosing two scams which are still very much actively spreading. The study showed that nearly 1800 Facebook users clicked and interacted with the scam every few seconds. Assuming that every user spent at least 1 minute on the scam website completing surveys, then there will be 2,592,000 hits (visitor count) per day! That’s a bomb!
Calculation: (24 hours X 60 minutes) X 1,800 users = 2,592,000 hits per day
Users are tempted to click on such scam messages that increase their curiosity. And that’s why scammers create scams with enticing titles and descriptions along with images (thumbnails) of half-naked girls.
How do scams spread?
There are two ways in which scam messages spread. First, when users click on a scam message, they are taken to a fake page where they are asked to verify their age by clicking on the “Jaa” button twice. The “Jaa” button is coded with functions that post the message on their Facebook wall automatically.
Second, when a user clicks on a scam message, the user is taken to a webpage containing an image that looks like a normal YouTube player (or any other video player). These sites do not have any age verification procedure. However, in this case the play button is coded so that when the user clicks on it, it automatically “likes” and shares the scam message on their Facebook wall.
Here is the code that is used to automatically share the message in the background -
The scam then spreads across the news feed when users’ friends start clicking on the message.
How far does the scam spread?
To understand this, Websense studied the “FATHER gets TOTALLY Embarrassed after entering Daughters Room” scam, which broke out in July 2011. From the graph we can see how the scam spread, slowly picking up its pace, and on July 21 there were more than 3,000 users visiting the link every second, after which the numbers dropped significantly.
The visitor count dropped because a number of blogs reported the scam and alerted users not to click on it, or perhaps because Facebook security blocked the URLs. The scam lasted for almost two weeks; however, the scammers didn’t stop there. They created more new scam messages with different URLs and titles.
How do scammers make money?
Now that the user has shared the message, it’s time for the scammer to loot you. After the message has been shared, you will be redirected to another page where you will be asked to complete surveys. 99% of users will understand that they have been tricked and will not complete any surveys. However, the remaining 1% of users is still a great catch for scammers. Why? Because these users will be tricked into entering their credit card details or bank details. Sometimes, users will be tricked into entering their Facebook username and password, which in the end will be sent to the scammer via email. The scammer will misuse the details by stealing your money or hacking into your account.
Websense states that “currently, the scams only redirect Facebook users to a phishing Web site to complete a scam survey. If this type of contamination directs users to install rogue antivirus software and to exploit kits, the security impact is unthinkable.”
How to identify and avoid clicking on scam messages?
Avoiding scams on Facebook is not an easy task. Scam messages look like every other message appearing in your news feed. Scams draw attention through the thumbnails and titles used in them. Here are some tips on how you can identify and avoid Facebook scam messages -
- Avoid clicking on short URLs. If you really want to see where the URL leads to, then try using http://longurl.org/ to expand the URL.
- Avoid strange messages sent to you by your friends. If you feel that the message is inappropriate, then you always have an option to ask your friends and verify it.
- If you receive messages sent by a user who is not on your friends list, then check for any links and read tip 1.
- Minimize the use of applications on Facebook. They’re quite useless.
- If you are asked to grant permissions after clicking on a link, then make sure that you are granting permission to the right application. You can always revoke permissions by going to Account > Account Settings > Applications
Malware and Phishing attacks on Facebook
It isn’t just Facebook that is prone to malware and phishing attacks. This involves Twitter as well. When a user lands on a bogus site, the user will be asked to download a (malware) file. This malware consists of programming code (scripts) that is designed to gather information. This leads to exploitation of data or loss of privacy. The gathered details, like login credentials, credit card details, can be accessed by the scammer/hacker and also allow them to gain access to system resources.
Phishing attacks, on the other hand, are designed to steal users’ credentials like usernames, passwords and credit card details. Scammers trick users by creating websites that look exactly like a Facebook login page or a Twitter login page. If you take a close look at the URL in the address bar, you will realize that you have landed on a bogus page.
However, most users do not look at the address bar before they enter their username and password. They blindly enter the details and click on login. The details will then be emailed to the hacker, and you will be redirected to the original page, where you will have to log in again.
That way, the hacker will gain access to your account and will try to hack your other accounts as well. So before logging in to Facebook, Twitter, Gmail or any other page, make sure that you are logging in at the right place!
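
The address-bar check described above can be written down precisely. The following is an added example, not code from the original article or from Websense: it decides whether a URL that claims to be a login page really belongs to the service, and it covers the usual tricks (the brand name used as a subdomain of another site, the real host hidden behind an "@", lookalike characters). The `OFFICIAL_HOSTS` table and all sample URLs are assumptions constructed for the illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the registered domains each service logs in on.
OFFICIAL_HOSTS = {
    "facebook": {"facebook.com"},
    "twitter": {"twitter.com"},
}

def check_login_url(url, service):
    """Return (ok, reason) for a URL that claims to be `service`'s login page."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        return False, "not served over https"
    if parts.username is not None or parts.password is not None:
        return False, "text before '@' hides the real host"
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    try:
        host.encode("ascii")
    except UnicodeEncodeError:
        return False, "non-ASCII characters in host (possible lookalike)"
    if host.startswith("xn--") or ".xn--" in host:
        return False, "punycode host (possible lookalike)"
    for official in OFFICIAL_HOSTS[service]:
        # Exact match or a true subdomain; "notfacebook.com" must not pass.
        if host == official or host.endswith("." + official):
            return True, "host belongs to " + official
    return False, "host '" + host + "' is not an official " + service + " host"

# Constructed sample URLs, one per trick.
SAMPLES = [
    "https://www.facebook.com/login.php",
    "http://www.facebook.com/login.php",
    "https://facebook.com.login.example.net/login.php",
    "https://www.facebook.com@login.example.net/",
    "https://notfacebook.com/login.php",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_login_url(sample, "facebook"))
```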
I hope this article has helped you understand what a scam is, how it spreads and what consequences you would face if you fall for the trap by clicking on scam messages. Henceforth, you know what to do when you come across a scam message. Delete it!
P.S. Facebook has officially launched a 14-page document called Guide To Facebook Security, which will help its users understand the social network’s security features and possible ways to protect their account from threats like malware and phishing attacks. It also includes tips on how users can avoid click-jacking and like-jacking scam messages and scam apps.