With more than 800 million registered accounts and 400 million user visits each day, Facebook continues to lead the social networking race with unique and innovative products and intelligent marketing strategies that keep users pressing ‘like’ and posting status updates all day long.
Facebook is not only a major medium for sharing ideas and interacting with friends; it is also a booming attack ground for almost every cybercriminal in the world.
By taking advantage of users’ trust in their network connections, these virtual-world players spread malicious code and send spam, using social engineering tricks to push their messages to thousands of unsuspecting users.
Here are the four most common scams on Facebook, as found by Norton:
1. Like/Share Feed
Type: Social engineering. Result: The user likes a link.
A like/share feed scam occurs when a hacker poses as a reliable source and asks the user to click “like” on a page update, photo, video, or status in order to access special (usually sensationalist) content.
When the user clicks “like”, they are likely to be directed to a survey that requires them to fill out some personal information, sign up for a subscription service, or even post a link a few times on Facebook.
2. ‘Like’ Clickjacking
Type: Social engineering/fraud. Result: The user likes a link.
‘Like’ clickjacking happens when a hacker presents what looks like a video with a simple ‘play’ button, while the page actually contains an invisible frame with a hidden “like” button. When users “like” the page this way, a status update is posted that appears on other users’ walls, making their friends curious and tempting them to visit the page.
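The hidden-frame trick above depends on the target page allowing itself to be embedded by another site. As an added example (not part of the original article), this JavaScript checks a response's standard anti-framing headers, `X-Frame-Options` and the CSP `frame-ancestors` directive, to tell whether a given origin could frame it; the function names, origins and sample headers are assumptions made for illustration, and source matching is simplified (no ports or paths).

```javascript
// Added example: would these response headers let `embedder` frame the page?
// All origins and header sets below are constructed sample values.
function parseFrameAncestors(csp) {
  // Source list of the frame-ancestors directive, or null when it is absent.
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

function sourceMatches(source, embedder, self) {
  const src = source.toLowerCase();
  const e = new URL(embedder);
  if (src === "'none'") return false;
  if (src === "'self'") return e.origin === new URL(self).origin;
  if (src === "*") return true;
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return e.protocol === src; // "https:"
  const m = src.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)$/);
  if (!m) return false; // assumption: sources with ports or paths never match
  const [, scheme, wildcard, host] = m;
  if (scheme && e.protocol !== scheme + ":") return false;
  // "*.example" covers subdomains only, not the bare domain itself.
  return wildcard ? e.hostname.endsWith("." + host) : e.hostname === host;
}

function canBeFramedBy(headers, embedder, self) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const ancestors = parseFrameAncestors(h["content-security-policy"]);
  if (ancestors !== null) {
    // frame-ancestors takes precedence; X-Frame-Options is then ignored.
    return ancestors.some((src) => sourceMatches(src, embedder, self));
  }
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return new URL(embedder).origin === new URL(self).origin;
  return true; // no header, or obsolete ALLOW-FROM: any page may frame it
}

const site = "https://social.example"; // page carrying the "like" button
const lure = "https://free-video.example"; // third-party page trying to frame it
for (const headers of [
  {},
  { "X-Frame-Options": "SAMEORIGIN" },
  { "Content-Security-Policy": "frame-ancestors 'self' https://*.partner.example" },
]) {
  console.log(JSON.stringify(headers), "->", canBeFramedBy(headers, lure, site));
}
```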
3. Tagging
Type: Spam. Result: A spam message is displayed.
Tagging occurs when a user clicks on an ad or an uploaded image and the item is then tagged with a series of random people. If a user’s settings send a notification when the user is tagged, the user will receive an email asking them to view the picture. The people who were tagged, and their friends, click on the tagged item and are routed to spam.
4. Phishing
Type: Social engineering. Result: The attacker can read and control access to the user account.
Phishing is a fraudulent message that tells users their Facebook account has been suspended, or that takes the form of a pending friend request. When the user clicks the link in the message, it leads to a fake login page that asks for the user’s account information.
The fake login page records the user ID and password, which are then used to gain unrestricted access to the user’s account and can also give away details of the user’s passwords for other online activities such as internet banking.