November 1, 2013
October saw the creation of two high-profile scam campaigns targeting Facebook users – both of which are out to steal your data. Read on to learn how to identify these fraudulent messages, and how to avoid other malicious attacks.
Facebook: double trouble
A new website offers two different ways to compromise your Facebook account, should you fall for its tricks.
The website tempts visitors by offering them the ability to see which of their friends have visited their profile. According to the website, users can access this information simply by logging in with their Facebook information on the website, or downloading an app onto their Windows computer.
However, no one except Facebook staff (and maybe not even them) can see who has been visiting your profile, so the website is clearly lying to potential users. Remember: any website that offers to let you see who has visited your Facebook profile is lying. This will never be possible.
Would someone go to the trouble of creating a fake website and app just to disappoint users? No – they did it to steal your data by convincing you to trust them (which is known in the security industry as “phishing”).
By entering your Facebook username and password into the login box provided, you’re actually passing your data to the people behind the website, and not to Facebook’s servers. This means that the criminals who run the webpage will have your username and password, and therefore have full access to your Facebook account.
It’s even worse if you choose to download the app, however. Not only does it steal your information when you enter it, but it also infects your computer with malware. Ouch.
The malware is a keylogger, which monitors everything you type and sends the information back to its creators. So it’s not just your Facebook information at risk, but also your email password, the contents of your messages and your banking information. And that applies to anyone who uses the computer.
Avoiding the baddies
If you’re worried about this app, search your computer for a file called WhoViewedMyfacebookProfile.rar. If it’s on your computer, it’s likely that you’ve been infected and need to run an anti-virus scanner.
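One way to run that search on a Windows computer with PowerShell (an added example, not part of the original post; only the file name comes from the article, and the choice to scan every local fixed drive and print a SHA-256 hash is an assumption made here):

```powershell
# File name taken from the article; everything else in this script is an assumption.
$IocName = 'WhoViewedMyfacebookProfile.rar'

# Enumerate local fixed drives only (DriveType 3), skipping network and removable media.
$drives = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 3' |
    ForEach-Object { $_.DeviceID + '\' }

$hits = foreach ($drive in $drives) {
    # -Force includes hidden and system files; folders that deny access are skipped quietly.
    # File-system name matching on Windows is case-insensitive, so any capitalisation matches.
    Get-ChildItem -Path $drive -Filter $IocName -File -Recurse -Force -ErrorAction SilentlyContinue
}

if (-not $hits) {
    Write-Output "No file named $IocName found on: $($drives -join ', ')"
} else {
    # Report where each copy sits, when it arrived, and a hash to hand to an anti-virus vendor or helpdesk.
    $hits | ForEach-Object {
        [pscustomobject]@{
            Path      = $_.FullName
            SizeBytes = $_.Length
            Created   = $_.CreationTime
            Modified  = $_.LastWriteTime
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } | Format-List
}
```

Run it from an administrator PowerShell window so other users' profile folders are included. No match only means the archive is not on disk now, since it may have been deleted after it was opened.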
The simple way to avoid this problem, however, is to not download programs from unverifiable sources. If it doesn’t seem like a legitimate source (and let’s face it, does an app that lets you see your Facebook profile visitors seem legitimate?) then it’s best to avoid the download.
The same goes for entering your login information on a website that isn’t the one you’ve signed up for. You will never have to enter your Facebook info onto a website that isn’t Facebook, so don’t ever do it. Simple, right?