Avoid scams: stay safe on Facebook

The immensely popular social networking site Facebook has a user base of over 1.19 billion, which also makes it a popular medium for scammers. It is important to be able to identify a threat before it hits you because the consequences that follow one “quick click” may leave your bank account empty and your identity stolen.

53% of scams target social media users

Bitdefender conducted a survey on Facebook and Twitter by befriending 1,900 people. They then sent the users three links leading to malware. Based on the results, they discovered:

“97 percent of respondents on Facebook and Twitter blindly click on links without checking for malware.”

It’s therefore not surprising that scam makers are successful in tricking Facebook users. In fact, a two-year Bitdefender study of 850,000 different Facebook scams identified the five most prevalent scams and the collective percentage of users that fall for each. Here are the top 5 scams you need to keep an eye out for:

#5) Atrocity videos: animal cruelty, suffering people and other dark videos (0.93%)

Atrocity video scams prey on a user’s darker side. Cybercriminals use horrendous images involving maimed animals, murder, suffering children, and tortured women to draw a user in. Although still relatively small compared to other scams (less than 1%), this type of scam is growing at a steady rate, claiming thousands of victims with every new campaign. According to the report:

“Children and teenagers are the most exposed to atrocity video scams, and we expect their number to intensify in the future.”

Cybercriminals use atrocity videos as a way to serve users with links to fraudulent web sites that prompt you to complete surveys and offers before watching the video. Cybercriminals hope to earn a commission for every survey completed. Malware is also distributed in this way.

In order to combat this type of scam, you must avoid falling victim to your own curiosity and fight the urge to click “play”. Stay vigilant and use common sense. Check the domain name of any seemingly suspicious links to videos and images before clicking on them. Cybercriminals have no shame and even use tragic events such as airline disasters to lure people into clicking. Steer clear of viewing atrocious content on Facebook and get your news from major news websites instead.
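
What “check the domain name” means in practice, as an added example (not code from the original article or the Bitdefender report). The TRUSTED list and every sample URL used with it are constructed for illustration.

```javascript
// Added example: decide where a link really goes before clicking it.
// TRUSTED is an assumed allowlist; adjust it to the sites you actually use.
const TRUSTED = ["facebook.com", "fb.com"];

function checkLink(href, trusted = TRUSTED) {
  let url;
  try {
    url = new URL(href); // WHATWG parser, the same rules a browser applies
  } catch {
    return { host: null, verdict: "suspicious", reasons: ["not a valid absolute URL"] };
  }
  // Normalise: lower-case, drop a trailing dot ("facebook.com." is the same host).
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  const reasons = [];

  if (url.protocol !== "https:") reasons.push("not HTTPS");
  // "https://www.facebook.com@other.example/" goes to other.example, not Facebook.
  if (url.username || url.password) reasons.push("text before @ is not the host");
  if (/^\d+(\.\d+){3}$/.test(host) || host.startsWith("[")) reasons.push("raw IP address");
  // Internationalised names are stored as xn-- labels and can imitate Latin letters.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    reasons.push("punycode label (possible lookalike characters)");
  }
  // The host must BE a trusted domain or a subdomain of it; merely containing
  // or ending in the brand name without a dot boundary is not enough.
  const owner = trusted.find((d) => host === d || host.endsWith("." + d));
  if (!owner) {
    const bait = trusted.find((d) => host.includes(d.split(".")[0]));
    reasons.push(bait ? `mentions "${bait}" but is not on that domain`
                      : "domain is not on the trusted list");
  }
  return { host, verdict: reasons.length ? "suspicious" : "trusted", reasons };
}
```

The part of the address that matters is the end of the host name, read right to left up to the first slash; anything to the left of it, or before an @ sign, can be chosen freely by whoever built the link.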

#4) Celebrity scams: celebrity scandals and death hoaxes (7.5%)

The fourth most popular type of Facebook scam preys on a user’s desire to keep up with the latest news and gossip on favorite celebrities such as Rihanna or Justin Bieber. The videos often promise shocking news, such as the death of a celebrity, or adult content. The primary goal of this scam is to trick you into clicking a link that will then ask you to update your video player or redirect you to an external source prompting you to download something to watch the video.

This scam appeals to a user’s sense of curiosity and amplifies it by using enticing trigger words and popular celebrities. While some videos lead to Potentially Unwanted Programs (PUPs) such as adware, others are more serious and lead to data-stealing malware that can turn your computer into a zombie as part of a botnet.

In order to combat this scam, users must use caution and common sense. To stay up to date on your favorite celebrities, use a legitimate and verified news and video source. Think before you act: remember, if something seems so shocking that it is unreal, it probably is. Avoid watching adult-content videos on social media sites.

#3) Freebies and giveaways: Free -enter any company name- gift card!  (16.5%)

Giveaway scams are the third most popular Facebook scam and prey on the human instinct of greed. A few examples of this scam are winning free trips to Disneyland, receiving free gift cards or vouchers, and free electronic items such as an iPad. A well-known saying is “nothing in life is free”, especially if something sounds too good to be true. If somebody on Facebook tells you a company is giving away vouchers or gift cards if only you invite your friends to the offer or click on a link, don’t believe it. If you do, you’ll end up spamming all your contacts with bogus messages about the fake offer.

If a user falls for a “free giveaway” or “freebie” scam, they are at risk of downloading a potential malware infection. Before qualifying for a free promotion, you must complete several “special” or “reward” bonus offers. The bonus offers are provided at the user’s expense and cost real money. Cybercriminals receive a commission off each survey and receive a treasure chest full of confidential information such as your username, email, and phone number.

In order to combat this scam, users must keep a mindset that almost all of the free offers encountered online are bogus. Always think before you click and if an offer does seem suspicious, contact the company to verify the promotion’s authenticity or check the company’s Facebook page. Never enter your most sensitive credentials on any free surveys and promotional offers that seem too good to be true.

#2) Facebook functionality enhancements (29.5%)

The second most popular Facebook scam is one that supposedly extends Facebook functionality. Users are seemingly presented with options to add a dislike button or embellish their profile with different colors or features, such as this one. This scam centers around a user’s desire to improve their overall social networking experience. Once a user decides to take advantage of the supposed enhanced Facebook features, cybercriminals can access and steal a user’s most sensitive data and spread malware by use of fake online survey pages. Never enter your data in seemingly suspicious forms or surveys on social media sites.

In order to combat this scam, Facebook users need to help raise user awareness. Also, never click on links leading to pages that offer the ability to change your background and profile color as Facebook does not offer such an option.

#1) Who viewed my profile? (45.5%)

By far the most popular, widespread Facebook scam that users will encounter (almost 46%) preys on human curiosity. Users want to see exactly who, what, and how many views their page is getting. The “profile viewer” message is customized to each person, touching users on a personal level. A lot of users want to see if they are still searched for by a person for whom they may still have feelings, such as an ex.

The scam involves installing a malicious Facebook application that seemingly provides this very functionality. After initially accepting the terms of use for the “who viewed my profile” application, users may begin to notice strange occurrences such as postings on their Facebook timeline and unauthorized access to pictures and personal information. Unbeknownst to the user, their sensitive information and pictures are being used in phishing, fraud, and targeted spam or malware attacks.

In order to combat this type of attack, users must be made aware that finding a legitimate application which reveals high profile details such as how many views or how many viewers you have is highly unlikely. Don’t click on suspicious links when you don’t know where they lead, and don’t add applications to your Facebook that have not been checked and confirmed to be safe by Facebook’s developers.

General human dispositions cause users to fall for these tricks

The report delves into psychological explanations as to why users fall for the traps. The conclusion:

“The biggest vulnerabilities appear because of general human dispositions that may hit any user at one point in his life,” Bitdefender Behavior Analyst Nansi Lungu said. “It’s hard for us to acknowledge our irrational behaviors, or that we’re blindly indulging in impulses we typically attribute to the less educated.”

  1. Vulnerabilities appear because of general human dispositions – The way people act, think, and react give rise to threats and vulnerabilities.
  2. Scams may hit any user at one point in his life – No matter how tech savvy or educated a user may be, no one is immune to falling victim to a scam at least once in a lifetime because cybercriminals always use the right psychological triggers.
  3. We all behave irrationally sometimes, online and offline – Everyone at some point will say or do something crazy or careless without first thinking about the consequences that follow.
  4. Scam victims are often less informed – Most scam victims are not aware of what something is or how it happens until it’s too late.

People are seemingly their own worst enemies. We don’t think before we act, and react before we think. This irrationality gives cybercriminals a motive to steal sensitive data and distribute malware as a means to make money. Cybercriminals take advantage of the fact that many users are not aware of online dangers and therefore aim to target this vulnerability. User awareness and caution are key.

Tips to stay safe on Facebook

  • Stay informed and up to date on the latest malware outbreaks and security news via blogs and newsletters. It is important to stay up to date on the latest security news when fighting online threats. Read security blogs from Emsisoft and Sophos. Also, subscribe to receive security newsletters from security news sources. There are also good sites and Facebook pages to inform users about Facebook scams, such as this one.
  • Use a reputable, up-to-date antivirus application to block malicious sites and malware infections. Antivirus applications are always essential tools used to detect, block, and prevent malware infections. It is critical to keep your antivirus enabled and up-to-date with the latest virus definitions to ensure maximum protection.
  • Keep your operating system and applications up to date to minimize potential vulnerabilities. Always perform Windows updates and keep your software applications up to date. Cybercriminals on social networks will exploit vulnerable operating systems and software as a means to spread malware.
  • Use caution and think twice before using the “quick click” method. Do not carelessly act and react without thinking. Use common sense and caution in order to avoid installing a potentially malicious application or visiting a suspicious web page. A lot of scams spread through Facebook friend recommendations, so don’t simply click on something a friend shared with you.
  • Beware of the personal information you share on social media sites. The top five essential “TMI” Facebook items to keep private and never share are your social security number, birth date, home address, home phone number, passwords and bank and credit card information.
  • Customize various privacy options. Facebook gives a user control over their own privacy settings. Do not assume that you have to use the default settings. Check out the other configuration options and learn how to adjust your security settings. Make yourself aware of how to limit what others can see and how to block unwanted guests from viewing your profile.
  • Avoid social media sites altogether to combat malware and scams. The last-ditch effort to stop scams on Facebook is to avoid the social media site altogether. This may not be an option best suited for everyone. If you are consistently being infected or scammed on Facebook, it may be a good time to consider backing out of the social media game while you still have your identity and money.
  • Use secure web browsers and security-based add-ons to combat malicious web pages. Use a reputable, up-to-date web browser such as Google Chrome as a first line of defense. Chrome has the ability to block phishing and malware sites. Chrome allows for the use of a massive variety of different add-ons. Use ones such as Adblock Plus to block malicious ads and pop-ups and WOT to also help block phishing and malware sites, which should further improve your overall security online.
  • Use strong passwords. Probably the most critical part of staying safe on social media sites everywhere is to use strong passwords. Never give out your username or password to anyone. Cybercriminals are getting smarter and therefore cracking a weak password is a relatively easy task for them to accomplish. Learn how to make strong passwords here.

Have a great (scam-free) day!

  • Flavia Auditore da Firenze

    Adblock Plus has that annoying whitelist – I would use uBlock Origin since it blocks both ads and scripts (which helps to mitigate exploits).

    • the_old_islander

      Turn *off* the ABP whitelist!

      Allow *nothing* but what you personally review and permit… and use NoScript (and use it judiciously, of course, because it cripples a hell of a lot of things you probably want to use).

      • B.Cord Edleman Jr

        Good advice!!! Only allow on sites you know and trust. However even these days you still can’t trust the pages you visit every day!!! Always hover over anything before actually clicking on it to see what the URL is, if it’s not the same as earlier, don’t click. Report it to the web site!!! ;)

      • Glenn McGrew II

        Turning off whitelists can be good, because even a whitelisted site can get hacked.

        NoScript is pretty advanced stuff. I used to use it and my family got so confused. Sometimes, figuring out how to make a particular part of a page work without activating anything bad makes NoScript a pain in the butt. Unless it’s improved since I stopped using it 2 years ago.

        • the_old_islander

          I apologize here…

          I’ve been “messing about in computers” for more than 45 years,

          …and maybe you don’t get it yet.

          None of this is more than “kid-stuff”.

          Ask your own 15-year-old kid… who probably *owns* your entire
          online info record.

          • Flavia Auditore da Firenze

            You probably missed the point where I said uBlock Origin blocks scripts as well, so no need for NoScript :) not to mention it is lighter on resources than Adblock Plus.
            I’d rather have one addon doing the work of two with less resources – and the NoScript addon is Firefox only (no Chrome version) and I use Chrome :

          • Glenn McGrew II

            Yup, I missed that. Thanks! Is it easy to use for children and semi-computer-literate adults as well as power users?

          • Flavia Auditore da Firenze

            The script blocking part is the hard one – if you don’t like to mess around, use an anti-exploit utility instead: Malwarebytes Anti-Exploit, HitmanPro.Alert 3 (paid). They will block exploits (the main use of malicious scripts) without the hassle of script blockers.
            uBlock Origin will automatically take care of ads without any changes.

          • Glenn McGrew II

            Yeah, I have MBAE, but it doesn’t recognize that Pale Moon is Firefox, so it only protects Chrome, which is fine since my family uses that.

          • Glenn McGrew II

            Old Islander, there is a good possibility I’m getting NoScript confused with RequestPolicy. Apologies in advance if that is the case.

  • Jim90069

    Has anyone figured out how to get rid of AdAware Installer, for good???

    • Glenn McGrew II

      You might try posting that question in Emsisoft’s forums.

  • Glenn McGrew II

    What about AdRemover for Google Chrome (TM)?
    Recx Security Analyzer?
    Dr. Web Anti-Virus Link Checker?
    Blur?
    AdBlock (not ABP)?

    Tab Cookies?
    VTChromizer (from VirusTotal)?

    How does Firefox or Palemoon compare to Chrome in terms of security?

    I would like to be able to add an extra layer of security, defeat ads and 3rd-party cookies, stop tracking and personalization, prevent malicious attacks and disable dangerous links.

    WOT is okay, but it is based on user feedback. When one company goes to war with someone/thing else, they can use WOT to launch an attack against that “other” by giving bad ratings on WOT. In addition, I see a lot of sites every day in searches that have never been rated by WOT users.

    • B.Cord Edleman Jr

      Check out the Opera browser, I use it and it works as well if not better than Chrome ;)

      • Glenn McGrew II

        I used to use Opera and I liked it, but I got tired of the flaws. It’s also not as secure as FF and GC.

        • B.Cord Edleman Jr

          That depends on your add ons as well bud! ;) It appears that Chrome is trying to catch up to Opera and not the other way around!!! What I had in Opera for a few Months now, Chrome has just now implemented the exact same thing Today! :/ I’m not sure if the two are connected in some way (ie. The Chromium project) but the two sure have a lot in common!!!

  • B.Cord Edleman Jr

    I’m not sure but my Father worked in IT well before the Internet. He worked at the Navy annex in Arlington, Va for many a year in the early ’70s, back when a Computer took up a whole room and used punch cards and reel to reel tapes to input information into the Computer. He may not have realized how much I actually learned from those days. As a Child He would take Me to work every few Months. I’m 52 and I still recall a lot of ways to make my PC do exactly what I want it to do. Not what M.S. wants! DOS or not, only thing I hate is the damn registry MS came out with, what a joke! One misstep and your PC won’t do as told; as you may or may not know. A Computer only does what you tell it to do and nothing more!!! ;)
    He has an old TS 80 and still uses it to this Day! I started out on a used Commodore 64 and learned from experimentation as well as reading the Tome that came with it. ;)