Editor’s note: This is a contributed post by Karen Clark, who has been writing about personal security topics for the better part of a decade for SecurityChoice.com. She has a special interest in the emergence of online threats to personal security, especially attacks that focus on people rather than technology.
Like any communication line, Facebook is unfortunately prone to knots and tangles. While the company employs some of the best and brightest computer scientists, businesspeople and modern polymaths, it’s impossible to avoid a few security breaches when they’re manning a network that covers Facebook’s nearly inconceivable digital expanse.
Since shedding its reputation as a college-orientated network and ascending to the status of mainstream media fixture, Facebook has fallen victim to an assembly of attacks committed by anyone and everyone, from profit-mongering Russian collectives to rogue American vagabonds.
Here are the five attacks you need to know about, and what you can do to protect yourself against them or future similar attacks.
1. Koobface
Probably the most well-known of the Facebook cons, in part because of its anagrammatic title,Koobface reached its height of virulence in 2009. Koobface commonly implants itself bymasquerading on your newsfeed as a must-see viral video.
Upon clicking the video, users are prompted with an offer to download the latest version of flash player – in reality, it’s a worm in disguise. Once it’s installed, the cybercriminal who built the worm is given remote access to your computer, allowing him or her a front row seat for all your most sensitive digital information.
Safeguard Yourself
To avoid this frightening prospect, be particularly careful in what you download from social media networks, and keep your anti-virus software updated so it can detect the most recent strains of Koobface.
2. Zeus
Much like Koobface, Zeus works under the assumption that people will click links disguised as fan pages, social shares and even friend profiles. Again, once users click a link, they’re prompted to install malware which sits dormant on your system until you access your bank account, at which point it makes a copy of your username and password.
Safeguard Yourself
As a Web-wide policy, experts recommend bookmarking select websites that handle your personal information and have a long history of reliable account protection.
That way, you can stack up the website you’re intending to visit against the website you know you can trust, and make sure the domains match without a letter, number or slash to spare.
3. Likejacking
Likejacking scams have been known to hover around Facebook for months at a time before they’re stomped out. But the problem is once one goes down, another pops up.
And all of them follow a simple formula:
- Use a juicy, sensational title for a fake article (e.g. "LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE" or "The Prom Dress That Got This Girls Suspended From School.")
- Wait for users to "like" the article title in order to gain access to its non-existent content
- Re-post itself on your newsfeed
- Repeat.
While the process isn’t particularly harmful – just annoying – it’s never a good idea to put yourself in the way of any likejacking programs. Since they typically lead out to spammy websites, residual viruses and infections are always a possibility.
Safeguard Yourself
Keep a keen eye for any article shares that seem too ridiculously titled to be true, and use a significant bit of discretion before you click the like button.
4. Facebook Black
Last March, the Facebook Black scam spread itself across the social web by promising users analternate blacked-out appearance for Facebook’s home screen
(Source: news.softpedia.com)
Of course, in the same malicious spirit of all the other viruses on this list, the black template is really a front for an obnoxious duo of JavaScript files.
If installed, the files lead to an influx of bothersome surveys. Additionally, the bug automatically perpetuates itself by setting up a promotional page on your account to dupe your friendsinto clicking the very same link.
Safeguard Yourself
If you’re infected, make sure you remove the files immediately – often times they’re nested in a Google Chrome extension, which allows for a quick uninstall.
And always be sure to do some research before you download any type of add-on or extension that supposedly ‘modifies your Facebook experience’. Sometimes, they’re legitimate. But too many times, they’re bogus.
5. Who Viewed Your Profile?
Facebookers are a curious bunch. That’s why there’s a certain allure to figuring out who viewed your profile in a given day. While that option has never been open to Facebook users, there have been plenty of scammers willing to exploit that desire.
Hackers have crafted a number of advertisements for fake Facebook applications which are supposed to give insight into who’s looking at your profile. Like Facebook Black, these advertisements are bunk, and regularly lead to browser extension downloads. Once you’ve installed the extension, hackers can get quick, easy access to the personal information stored on your account.
Safeguard Yourself
Precautionary tales indicate that Facebook users should refrain from clicking URLs that look too short to be normal. Also, make it a regular routine to check through your Facebook apps and determine which ones are real and which ones you’ve never used – the sleeping apps could be connected to malware.
Conclusion
While no one claims virulent activity to be a good thing for Facebook’s general health, there’s a thin silver lining through it all. With each attack, Facebook learns more about the fissures in its code. And with each attack, Facebook finds a way to patch itself, and rebuild stronger, better and more secure.
To aid the process, it’s up to us to spray an extra coat of diligence on our online decision making processes. The more responsible we are with our online activity – particularly with what we click and who we trust – the less likely these viruses are to stain the fabric of our valued social networks.