Fraud attempts on social networks: How Facebook scams work
As of April 2013, the world’s largest social network Facebook boasts more than one billion users – an impressive number considering there are 7 billion people on the planet. Unfortunately, the more people that connect to a centralized platform, the more desirable a target it becomes to online criminals.
Every year, there is an increasing amount of news regarding attempted fraud, identity theft, and hacker attacks on Facebook. This isn’t surprising, as these actions occur in real-time, and the news is spread through social media like wildfire. Most attacks involve scams, meaning that anti-virus or anti-malware software can’t always help because malicious software isn’t always used. Instead, the scammers play on the naivety or greed of their victims. Therefore it is pertinent for us to explain their general techniques, so that you can avoid these scams and use Facebook safely in the future.
How the scammers operate
The goal of the scammers is to arouse the interest of as many people as possible in order to lure the maximum number of potential victims. Sensational news is therefore commonly used as bait. For example, the deaths of famous people such as Whitney Houston or Steve Jobs have been exploited by scammers. In both cases, the scams claimed to have red hot news about one of these celebrities, such as a video showing the diva shortly before her tragic death. Less sensational topics are also used – basically any short titbit of information that is likely to raise interest.
Once the scammer has managed to arouse the victim’s interest, they have already won half the battle. Typically the scam involves enticing the victim to click on an external link or like a Facebook app that will then take them to the sensational content. One can now clearly see where this scam is going of course – this piece of news is just fake. It’s a psychological trick, as when faced with sensational news, we tend to ignore the voice of reason and behave exactly like the scammers want us to.
The scammer can now proceed in several ways. Sometimes they create links to YouTube videos or websites in order to increase the number of clicks. Other common methods range from forcing you to take surveys which they receive money for, to phishing attempts and spreading malware. As this is a considerable risk to your private data and your wallet, you should be very cautious of falling for a scammer’s tricks.
Real life examples of Facebook scams
Enough of the theory, let’s take a look at some real scams.
Example 1: Amy Winehouse
Amy Winehouse was found dead in her apartment in July 2011. Thanks to keen public interest, the first scam attempts didn’t take long to surface. The most successful scam promised a shocking video showing the deceased singer shortly before her death.
There was no such video of course. Rather, the victim was directed to the following
Here the victim was then prompted to share the link in order to reach as many Facebook users as possible. Not only that, but there was also a survey to fill out, supposedly in order to win an iPad 2. After completing the survey the victim would begin to wonder where the promised video was – they may have been presented with an insignificant video or simply nothing at all. By now the scammer had achieved their goal – the enticing message had been spread, and they had earned money from the completed survey.
Example 2: Steve Jobs
The death of the well known Apple founder was also exploited by online scammers. Within no time several Facebook pages had been created, some supposedly by Apple, others simply in the name of a business. The content, however, was always the same:
A considerable number of iPads was to be raffled off in memory of the recently deceased. The number varied between 50 and 500. The intention of the scams also varied, from asking the victims to fill out surveys to redirecting them to online casino websites. These scams proved to be a classic example of how many people fall for these tricks and spread the message.
Example 3: Fake apps
This approach differs slightly from the scams illustrated in the first two examples.
Here we have an application that claims to show you how many people have visited your profile. The message is typically spread to your friends’ walls.
Once your interest has been aroused, the application requests permission to access all your Facebook data and functions. This ensures that the fake app continues to spread even further. The collected data can be used to send spam directly or be sold off to commercial spammers.
The aforementioned surveys are used in this example as well – easy money for the scammers. Such scam apps are of course removed by Facebook as soon as they become aware of them. The scammers are not at all deterred however, and simply continue to create new applications with different names.
Example 4: Fake friend requests
In the scams we have examined so far, Facebook itself has been abused as the means of communication. However, scammers also send fake e-mails purporting to be from Facebook, such as the following friend request.
The link doesn’t take you to Facebook, but instead to a fake replica of the site. You are then prompted to update Macromedia Flash player.
Clicking on the link and launching updateflash.exe is a fatal move, as it is actually the well-known Zeus trojan, also known as Zbot. And as if this wasn’t enough, there is also an exploit kit on the website in case the victim doesn’t launch the fake update.
This places your personal data and the security of your PC at
How to protect yourself
All of these scam attempts would have been unsuccessful if the recipients didn’t fall for the bait. Please keep the following points in mind:
- Be skeptical!
Sensational news isn’t exclusively broadcast over Facebook, but also on regular websites as well as radio and TV stations. If there’s no news of this topic on other media sources, it is very likely to be a scam. Be suspicious of raffles – why would anyone give away iPads in honor of Steve Jobs, and what’s more, why would they do so on Facebook?
Hint: Google corresponding keywords such as “Amy Winehouse Video”. This will often give you hints of a scam.
- Pay attention to the sender’s email address and how they address you.
If you receive friend requests or other e-mails, please check the language. If you are using Facebook in English, Facebook sends you messages in English. In addition, you will be addressed with the name you are registered with.
- Check links!
Do the links in question really take you to the original company’s website? When you move your mouse pointer over a link you can see the target address clearly. If the URL looks suspicious: Stay away!
- Don’t trust your Facebook friends blindly!
The spread of scams is usually based on pyramid schemes. Break the chain by not falling for the posts and status messages of your Facebook friends.
- Use anti-virus software with real-time protection!
Even if you fall for a scam attempt, it doesn’t necessarily mean your PC has been infected with malicious software. Emsisoft Anti-Malware for instance, offers triple protection by blocking malware from execution with its powerful dual-engine scanner and behavioral analysis. In addition, surf protection warns you about many phishing websites when you attempt to access them.
Have a nice (malware-free) day!
Your Emsisoft Team