Facebook Watcher

Scam Tactics For The Month

2009-06-30T07:49:43Z

Cybercriminals and phishers are still focusing their efforts on Facebook. Several new scam tactics are listed as below.

1) Koobface Variant Resurfaced again

Recent report from CA suggested that a Koobface variant is still actively sending massive spam messages to millions of users on Facebook. During the attack, the Koobface variant connects to the malicious server UPR15MAY.com to acquire information for its spam messages to be sent to contacts of infected users.

2) Killselfz and Ligromind Malware

Similar to the “.at” and “.be” domains, this time the domains used are of the top-level domain. If you come across Facebook messages with phishing links to Killselfz[dot]com and Ligromind[dot]com, do not click on it or else the scammers will plant the malware to your computer.

3) Today, a new wave of phishing attacks on Facebook users is underway. A popular tech news blog Mashable is reportedly discovering two new top-level domains that can steal your Facebook login details and then spam your Facebook friends. If you get Facebook messages which prompt you to click the phishing links to Junfunrun[dot]com and Bulitre[dot]com, stay away from those messages and delete the messages instantly.

New Facebook Phishing Scams: Beware of .at and .be Domain Names

2009-05-25T17:05:53Z

There is a new wave of phishing scams that targeted Facebook users for the past few days and probably you’ve heard of this. It started with the phishing sites that registered under .at (Austria) and later the .be (Belgium) domain names. For this purpose, I’ve compiled a list of these phishing sites, and whenever you came across it in your Facebook email messages, do not click on the URL links.

A common trick is that all of these phishing scams start from a Facebook message with an aim to trick Facebook users to click on the URL links. In order to lure users to click on these links, all the subject line of the emails is either “Look at This”, “Hello” or “Check” following by one of the .at or .be domain names listed below.

This wave of phishing scams garnered much attention in Facebook since there are users who fail for the scam, lost their Facebook login details as well as the new cycle continues as the cybercriminals started using their accounts to send emails to their friends.

Picture: Phishing site; noticed that there is no Facebook logo in the header of the site

WARNING: DO NOT click links to the following sites:

Areps.at
Bests.at
Brunga.at
Kirgo.at
Nutpick.at

Atomclub.be
Bestspace.be
Bitclan.be
Databus.be
Dynasale.be
Goldbase.be
Greenbuddy.be
Indigoline.be
Linkteria.be
Mymarket.be
Orangefan.be
Picoband.be
Pinkamigo.be
Redbuddy.be
Redfriend.be
Silvertag.be
Sweeter.be
Vispace.be
Whiteflash.be
Whitemart.be

Nevertheless, the good news is that Facebook has taken action and blocked all of the outgoing links to the aforementioned phishing sites, while Firefox browser has also blocked its users from accessing to the above sites as well.

Facebook Blocked Two Facebook Bogus Sites

2009-05-01T07:57:49Z

According to the news across the Web, Facebook has blocked two bogus Facebook sites, that are fbaction.net and fbstarter.com. These two sites used the same trick by sending the phishing emails to some Facebook users that attempts to convince them to type in their Facebook username and password onto these bogus sites.

As at this moment, some browsers are taking action towards blocking these two sites. With Firefox browser has pinpointed these two sites as Web forgery (as shown in below pictures) while Safari browser has neither show the Web sites on its browser.

Picture 1: fbaction.net on Firefox

Picture 2: fbstarter.com on Firefox

Picture 3: fbaction.net blocked by Facebook; with this outgoing link being blocked, i.e. www.facebook.com/l/4253f;http://fbaction.net/

Picture 4: fbstarter.com blocked by Facebook; with this outgoing link being blocked as well, i.e. www.facebook.com/l/4253f;http://fbstarter.com/

Ironically, the most popular browser on the Web, i.e. Internet Explorer still continue to allow one of the bogus sites being accessed as at my time of writing, as shown in the below picture.

As always, my advice to this type of the spoofed Facebook email messages, malicious links or bogus Facebook Web site is to look carefully on the actual URL shown on your browser. Type the www.facebook.com to access to your Facebook account whenever you want to login to your Facebook.

MSRT Will Protect You Against Koobface

2009-04-08T10:21:11Z

If you’re using Windows, you probably have heard of Malicious Software Removal Tool (MSRT). It is a quality antivirus solution to be delivered to the Windows PCs as part of the Automatic Updates package each month.

A good news is that now it’s more safer to use Windows-based PCs to access Facebook as Koobface, a
particularly nasty virus have been included as one of the major virus and worm families being added to the MSRT.

“In working with Facebook, we were able to add detection of Koobface to our Malicious Software Removal Tool (MSRT), which checks computers running Windows software to detect and remove viruses.” Jeff Williams, a Principal Group Program Manager for the Microsoft Malware Protection Center, wrote in a guest post on the Facebook blog.

Meanwhile, the MSRT has also removed Koobface nearly 200,000 times from over 133,677 computers in more than 140 different locales around the world in just two weeks, he wrote.

Beware Of The Dancing Girl Video

2009-03-13T17:03:13Z

Online criminals are increasingly targeting at Facebook. So guys, if you’ve received any message that contain the following message subjects, please “do not” open it or proceed according to what the message told.

The message is served as a bait which offer malicious link and if you click on it, it’ll redirect you to a bogus Facebook site and you’ll be prompted to install a virus file in the form of a fake “Adobe_Player11.exe”, according to a report by websense.

FaceBook message: Dancing Girl Drunk In The Pub- facebook Video (Last rated by Betsy Person)
FaceBook message: Dancing girl oriental dance … (Last rated by Abdul Kay)
FaceBook message: Magnificent Striptease Dance (Last rated by Rosalind Lindsey)
FaceBook message: Watch the Oooh! Super Beautiful Girl Dancing (Last rated by Delores Tucker)
FaceBook message: Hot Girl Dancing At Striptease Dance Party

Although the message subject seemed to be appealed to most of the Facebook users, especially male users when first encountered it. But you know you’ll be safe if you ignore such message, and refrain yourself from clicking any URL link within the message, even it is out of your curiosity. Generally, these kind of messages are known well to elicit our emotions, in this case joy, and curiosity.

Another warning: Don’t let this kind of message trick you into clicking the link and install the file. It is due to the virus might not be detected by your anti-virus software installed on your PC or laptop, according to an analysis done by VirusTotal.

Picture 1:

Picture 2:

Warning: New Koobface Worm Spreading on Facebook

2009-03-07T19:15:48Z

I’m not sure whether this is a good sign for the Facebook and its users. More security issues would mean that Facebook is large enough as a viable target for the spammers or scammers. And on the other end, the new Koobface worm as reported by TrendMicro security blog more or less helped the users be prepared “not to” download any software that prompted on the site. This is due to the same bait can’t work twice to the same people as this malware is being promoted in a similar manner as happened before in August 2008.

Here’s another good news: Despite the ongoing malware attack on Facebook, the issue will be resolved. Trust Facebook.

Friends or Sex Offenders?

2009-03-01T16:42:51Z

MySpace made a big news when they revealing that they’ve identified and removed about 90,000 sex offenders from its sites recently. It wasn’t surprised by the similar action taken by Facebook on the same issue towards children and teenagers protection.

According to Connecticut’s attorney general, Facebook has removed more than 5,585 convicted sex offenders from its social networking site since May. More can be found via the news reported by Associated Press.

Perhaps you won’t find any sex offender on your friend list and this is not a big threat to Facebook, and the risk of having sex offenders in your friend list also nowhere near what many have thought of. However, the problem now the Facebook users facing is they don’t even have technique on how to differentiate a friend whom they just accept the friend request is a new online friend or yet another sex offender. Poor Facebook users!

links for 2009-02-10

2009-02-10T13:52:09Z

Facebook no longer a place for safe and trusted environment?

Internet predators?

1. Facebook Admits Sexual Assault Suspect Used Site

Police have charged Wisconsin 18-year-old Anthony Stancl with sexual assault and accused him of copying female Facebook members’ photos, pretending to be a girl, and persuading male schoolmates to send nude photos…

2. YouTube video as embedded in below:

3. Facebook dating alert for murder suspect

Police hunting a fairground worker suspected of murdering his ex-girlfriend and then…

Scam Via Facebook Chat

2009-01-31T07:49:03Z

Be wary, more scams are appeared on Facebook. The channel scammers used on Facebook might be different this time, no longer the Wall posts or messages that conned users to check out links that lead to download adware, and something about virus, but via chat.

Founder and President/CEO of SnapStream reported that in his blog, and even he published the transcript that a scammer tried to scam him, where the scammer seemed to be hacked into one of his friends’ Facebook account, and initiated a chat conversation with an attempt to beg for money. The channel for scam is different this time, but the story is the usual one, your Facebook friend is stranded in foreign land, desperately need money so that can get a ticket fly home back. While the fact scammers used chat to scam Facebook users might indicated that more and more Facebook users are actively using chat, and the user base is large enough to be a viable target for scam.

As Facebook users, perhaps what we can do is to ask questions intelligently in this type of situation, such as questions that involved information that you and the person behind the profile would know. And also, if the Facebook friends you made is really your friends you know in real life. When you received your friend’s help via chat for money, you can give the person a phone call, that’s what real friends do and clear your doubts as well. In short, sometimes the communication in the old way, i.e. phone call can actually prolong the friendship and eventually helps to stop Facebook scam.

Keep Your Kids Safe Online

2009-01-28T08:25:04Z

McAfee, one of the leading Internet security firms has launched a Facebook page called Moms Against Cybercrime. On this page, you’ll find all the tips on which how parents keep their kids safe when they go online. Besides with the tips, there are videos, blog posts that synchronized from McAfee’s Security Insights blog.

In fact, Moms Against Cybercrime is a Facebook page for parents. Parents will be equipped with all the common sense and ways to keep their children safer online after they read all the notes posted on the page. Do what as the cybersafety advocates suggested, i.e. know well about what your kids were doing on the Web. I think for parents, they should learn more about the ways to keep their kids or teens’ online safety, so that they can strike a right balance between concern and supervision.

Again, Fake Facebook Site

2008-12-28T20:26:56Z

I wished I do not need to post on this blog in this month. Naturally, if I read any threat in the Facebook community, you’ll read my post. The most recent threat is that it is not only appeared in Facebook, but also found on some other social networking sites such as Friendster, MySpace, etc.

These fake home pages, which propagated through the malicious comments sent from the compromised accounts of friends in the Friendster network, asking the Friendster users to log onto a fake Friendster home page. And the ugly part is that this fake Friendster home page, the domain http://friend[...]ter.com also pointed to a fake Facebook page as its main page, as reported by F-Secure.

Same old trick, remember my another post entitled Two New Facebook Forge Sites, as I have posted in October this year. Perhaps same old advice, always type the Facebook URL to your browser’s address bar when entering your Facebook account.

Facebook Wins Lawsuit Against Spammers

2008-11-25T07:59:22Z

According to the latest Facebook’s blog entry, Facebook has been awarded $873 million in damages in a ruling it had against marketing spammers that are Adam Guerbuez and Atlantis Blue Capital for sending sleazy messages to their users.

According to the court document embedded in below (PDF), the judge Jeremy Fogel has made this ruling on last Friday in San Jose federal court under the CAN-SPAM Act of 2003. Furthermore, the ruling also barred the defendants from:

using or accessing, whether directly or indirectly, Facebook’s data, information, computers, computers systems, computer networks, or Facebook users’ accounts, information or profiles for any reason whatsoever;

accessing the physical property, structures or buildings of Facebook or Facebook’s employees;

creating, maintaining or using a Facebook account or profile; and many more.

The blog entry also discussed that it’s unlikely that Geurbez and Atlantis Blue Capital could ever honor the judgment rendered against them, though Facebook will certainly collect everything they can. Nevertheless, the result of this lawsuit will have larger implications as this noting the willingness of Facebook to go to court and fight the spammers.

Photo-Tagging: New Tactic of Marketing Spam

2009-02-24T16:15:32Z

For some users, Facebook’s photo tagging is a new fun for them when they want to share their photos with their friends, and showed that the one who tagged also a friend in their inner circles. However, this has brought the issue of photo-tagging spam.

According to AdvertisingAge, the so-called photo-tagging feature has been used as a tool by guerilla marketers to make the photo appealing to the Facebook users. For example, if your friend has been tagged by someone, and it’s appealing enough for you to click the photo as appeared in the News Feed. After you clicking on the photos, it’s in fact relevant to some marketing promotions in support for a particular candidate or event.

Sam Lessin, the founder and CEO of Drop.io reported that photo uploading and sharing is central to Facebook’s overall service offerings. He said, “In Facebook, photos have several characteristics that make them especially fabulous marketing vehicles. First, people love them and tend to click on them all the time. Second, they get incredible real estate in news feed. Third, any message put into photos has a strange automatic relevance because it is attached to the name of a friend. Finally, there is a huge curiosity factor as to why a friend is tagged in an image.”

Now, before we, the Facebook users using the photo-tagging feature in order to outline additional details in a given photo, let us think that the guerilla marketers also will use this tactic to provide a link to a marketing promotion or a cause whenever your friends saw it in the News Feed of Facebook. This could be the biggest concern for this photo-tagging capabilities on Facebook at this moment.

Facebook Spamming Not Surprise, huh?

2008-11-21T04:11:23Z

I’ve read an article that talked about Facebook is about to have a big spam problem, and “it’s not surprising.” Of course, everyone love Facebook now, and no one should expect spam will not happened in the Facebook environment.

A common Web strategy I heard nowadays is: If you build it, they will come. “They” means not only the audience, it also means the spammers too. So, if you want your profile, or even the group (you are the Administrator) to be spam-free, be prepared to spend time in deleting spam posts, spam wall posts, and report users that spam you to Facebook when necessary.

Beware of the Nigerian 419 Scam on Facebook

2008-11-11T04:10:14Z

This is a latest attempt of the attack on Facebook user; this time is not spam, but the notorious Nigerian 419 scammer on Facebook.

According to The Sydney Morning Herald, a Facebook user, also worked at Google Australia Karina Wells has received a Facebook message from her friend Adrian that seeking help from Lagos, Nigeria. She has been told by the message that Adrian now is being stranded there in Nigeria and looking for a help and needed her to lend him $500 for a ticket home. However, Karina Wells is a smart lady, spotted that the message from the other party, was a scammer while chatting by using the word such as “cell phone” instead of “mobile phone.” Mind you, all the people from the Commonwealth countries speak and favor the British English as opposed to American English. She then gathered all the details of where the scammer was and forwarded them to both Facebook and the relevant authorities.

Now let’s go ahead and ask ourselves: How many “friends” do you have on Facebook? Enough is enough. And do you know where are they actually right now?