This past weekend saw hackers take a new approach to wreaking havoc on Facebook users. Much like last week's Trojan that caused considerable damage in only two days, an inciting image disguised as a 'private video' was posted onto users' walls, alongside an accompanying scam message featuring up to 20 tagged friends. The threat was specifically targeted at Windows or Mac OS X users running Chrome, who were prompted to download a malicious browser extension that was sneaked into the official Google Chrome Store. So far, 4,200 users have installed this dangerous extension.
This activity has one sole purpose: to reach victims' browsers on a wide scale. It has been cleverly executed and is yet another example of the influx of Facebook scams that users of the site must be increasingly wary of.
Facebook scams: what's the appeal to hackers?
With more than 1.23 billion monthly active Facebook users, scams and other online threats have a high chance of rapidly going viral, making the platform a very valuable tool for hackers. Facebook is the king of the hill in the social media world and it makes sense for cyber criminals to abuse the platform, with the opportunity to reach tens of thousands of people within hours.
These types of scams often prey on users' curiosity by deceiving them into clicking on posts that promise either alluring prizes or exclusive content that can be accessed only by interacting with the post socially. Scams are usually localised for specific countries and have a segmented audience; for instance, broadly speaking a scam about cosmetics may be targeted more heavily at women, while a scam about sex tapes is more likely to be directed towards men. Some of the most notorious scams are "guess who viewed your profile", functionality scams such as dislike buttons, atrocity videos and giveaway scams, many of which featured in our top seven malware attacks of 2014.
The user perspective: what can be done to stay secure?
There are many steps Facebook users can take to guard against scams. Users should exercise maximum vigilance when being tagged in dubious posts or when various contests show up in their news feed, promising enticing awards; sometimes, just sharing a malicious post can be a big aid to cyber criminal activity. Users can also alter profile privacy settings so that wall-posting or tagging must first be reviewed. Having a security solution in place will also provide safety from shady URLs or any malicious payload that tries to download when visiting seemingly legitimate websites.
Unfortunately, there's no way Facebook can completely and forever block scams. Cyber criminals will always find a way to bypass screening, either via malvertising - using third-party adware services that disseminate the malicious URLs - or via sponsored posts that seem to be, at first glance, legitimate. All users of the site therefore have a responsibility: to report any dubious posts in order to prevent fellow Facebook users from being infected or scammed.