Why are you tagged in this video? It’s a viral Facebook scam , Please Avoid

Image representing Facebook as depicted in Cru...

Image via CrunchBase

Facebook users have been hit by another fast-spreading scam today, pretending to be a link to a YouTube video that they have been tagged in.

Facebook video scam

The scam messages use potential victims’ first names, claiming that they have been tagged in the “Youtube” video.

Phrases used in the attack include:

YO [name] why are you tagged in this video

WTF!! [name] why are you tagged in this video

hey [name] i cant believe youre tagged in this video

hey [name] you look so stupid in this video

omg! [name] why are you tagged in this vid

OMG [name] why are you in this video

Each “video” has a random number of views and likes, but the length of the movie always appears to be 2:34. Eagle-eyed Facebook users might realise something is awry when they see that the links refer to “Youtube” rather than the rather more accurate “YouTube”.

But if you do make the mistake of clicking on the video thumbnail you will be taken to a webpage which tries to trick you into cutting-and-pasting a malicious JavaScript code into your browser’s address bar (this appears to be one of the scammers’ favourite methods of attack at the moment).

You have to concede, it’s a cunning piece of social engineering by the bad guys. Wouldn’t you want to see a video that your Facebook friends say you have been tagged in?

If you’re a regular user of Facebook, make sure you join the Sophos page on Facebook to be kept informed of the latest security threats.

Source :- http://nakedsecurity.sophos.com

Visit the New Facebook? Hacker warning spreads like wildfire on social network

Image representing Facebook as depicted in Cru...

Image via CrunchBase

Facebook users are posting warnings to one another about a hacker operating on the network, using the offer to “Visit the new Facebook” to break into pages and kick out the page’s legitimate administrators.

Unfortunately the alerts do not include enough information to be useful, and members of the public may be unwittingly perpetuating a hoax in the belief that they are helping their friends, family and online chums avoid a nasty virus infection.

Visit the new Facebook warning

THIS NOTICE IS DIRECTED TO EVERYONE WHO HAS A PAGE ON FACEBOOK: IF SOME PEOPLE IN YOUR PROFILE OR YOUR FRIENDS SEND YOU A LINK WITH WORDS "VISIT THE NEW FACEBOOK '' AND THERE IS THE LINK BELOW, DO NOT OPEN! IF YOU OPEN IT YOU CAN SAY GOODBYE TO YOUR PAGE. IT'S A HACKER WHO STEALS YOUR DETAILS AND REMOVES YOU FROM YOUR OWN PAGE. COPY AND SPREAD THE WORD

Although there are many scams and attacks which spread on Facebook every day, no-one appears so far to actually have gathered any evidence that this one exists – and there is probably more nuisance being caused by users passing on the warning than by any attack which may or may not have happened.

Users believe they’re doing the right thing when they share warnings like this – but unfortunately they haven’t always checked their facts.

Please don’t share security warnings with your online friends until you have checked them with a credible source (such as an established computer security company). Threats can be killed off fairly easily, but misinformation like this can live on for months, if not years, because people believe they are “doing the right thing” by sharing the warning with their friends.

If you’re a regular user of Facebook, be sure to join the Sophos page on Facebook to be kept informed of the latest security threats.

Source :- http://nakedsecurity.sophos.com

Facebook Dislike button spreads fast, but is a fake – watch out!

Image representing Facebook as depicted in Cru...

Image via CrunchBase

Don’t be too quick to click on links claiming to “Enable Dislike Button” on Facebook, as a fast-spreading scam has caused problems for social networking users this weekend.

Messages claiming to offer the opposite to a like button have been appearing on many Facebook users’ walls:

Dislike button on Facebook

Facebook now has a dislike button! Click 'Enable Dislike Button' to turn on the new feature!

Like the “Preventing Spam / Verify my account” scam which went before it, the scammers have managed to waltz past Facebook’s security to replace the standard “Share” option with a link labelled “Enable Dislike Button”.

The fact that the “Enable Dislike Button” link does not appear in the main part of the message, but lower down alongside “Link” and “Comment”, is likely to fool some users into believing that it is genuine.

Clicking on the link, however, will not only forward the fake message about the so-called “Fakebook Dislike button” to all of your online friends by posting it to your profile, but also run obfuscated Javascript on your computer.

The potential for malice should be obvious.

As we’ve explained before, there is no official dislike button provided by Facebook and there isn’t ever likely to be. But it remains something that many Facebook users would like, and so scammers have often used the offer of a “Dislike button” as bait for the unwary.

Here’s another example that is spreading, attempting to trick you into pasting JavaScript into your browser’s address bar, before leading you to a survey scam:

Offer of Dislike button leads you into posting script into your browser's address bar

If you use Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 80,000 people.

Source :- http://nakedsecurity.sophos.com

17 Twitter Tips from Mashable Connect Attendees

Image representing Twitter as depicted in Crun...

Image via CrunchBase

While Twitter users have become more active in the past year, there are only a few who are consistently valuable, engaging and respected.

Becoming one of those users is a challenging task, but it’s also something that can pay big dividends. That’s why we asked the world’s leaders in digital for their advice on how to become a master Twitter user.

On May 12-14, several hundred of the world’s digital leaders gathered in Orlando for the first-ever Mashable Connect, an intimate three-day conference focused on the impact of social media and digital on entertainment, media, technology and society. Connect attendees, along with Team Mashable, had the chance to hear about the biggest trends in digital from the leaders of Syfy, HBO, Edelman, Gowalla, Tumblr, Buddy Media and more.

Here’s the sage advice our Connect attendees had to give:


Twitter Tips


  • 1) @jeffpulver, Casting Director, #140conf: “The secret to Twitter is to listen, connect, share and engage. It’s the conversations that matter.”
  • 2) @davepeck, Director of Community, Meshin: “Respond to everybody, positive or negative.”
  • 3) @michiganflavor, COO, MIFlavor.com:Retweet, retweet, retweet. People love to see their stuff retweeted, and they’ll start retweeting you.”
  • 4) @shrmsocmedguy, Social Media Strategist, Shrm: “Use your tweeting to set up meetings.”
  • 5) @dstatusstalker, Chief Status Stalker, Status Stalker: “Start a conversation. Reach out to others, and say hello.”
  • 6) @kratzpr, Founder, Kratz PR: “Don’t think of it as a tool, think of it as a gateway for being social.”
  • 7) @ctreada, CEO, Notice Technologies: “Ignore it; they’re all pornographers anyway.” (Chris’s other tip: “Chill out.”)
  • 8 ) @jkrohrs, VP of Marketing, ExactTarget: “Don’t tweet if you can’t spell.”
  • 9) @moniguzman, Director of Outreach, Intersect: “Tweet what comes naturally. Don’t try to fulfill someone else’s expectations.”
  • 10) @shashib, Social Media Swami, Network Solutions: “More than an RSS feed, connecting with people on Twitter gives you interesting content that is validated by them.”
  • 11) @jennydevaughn, Director, Social Strategy, @HODES: “You need to have brand sacrifice if you want to be viewed as an expert in your field. Only tweet about 10 topics, events or ideas.”
  • 12) @robkey, CEO, Converseon: “Embrace your insignificance.”
  • 13) @zagrrl: VP Technology, Innovation Center for US Diary: “The best way to learn is to share.”
  • 14) @heidiotway: VP & Director Social Media, Salter Mitchell: “Follow the best, learn from the best.”
  • 15) @jonnorp, Director of Social Media, American Airlines: “Remember that it flies forever.”
  • 16) @chrisvary, Director of Emerging Technology, Weber Shandwick: “Don’t connect your Twitter to Facebook.”
  • 17) @joeyinteractive, Interactive Creative Director, Disney Parks: “Marketing doesn’t spread; stories do.

Source :- http://mashable.com

Dad catches daughters on webcam: Beware viral Facebook video link

Image representing Facebook as depicted in Cru...

Image via CrunchBase

Facebook is being hit by another viral message, spreading between users’ walls disguised as a link to a saucy video.

The messages, which are spreading rapidly, use a variety of different links but all claim to be a movie of a dad catching his daughters making a video on their webcam:

Dad catches daughters on webcam message

[VIDEO] DAD CATCHES DAUGHTERS ON WEBCAM [OMGGGG].AVI
[LINK]
two naughty girls get caught in the WORST moment while making a vid on their webcam! omg!!

The messages also tag some of the victims’ Facebook friends, presumably in an attempt to spread the links more quickly across the social network.

If you make the mistake of clicking on the link you are taken to a webpage which shows a video thumbnail of two scantily clad young women on a bed. The page urges you to play the video, however doing so will post the Facebook message on your own wall as a “Like” and pass it to your friends.

Unfortunately, the new security improvements announced by Facebook this week fail to give any protection or warning about the attack.

Dad catches daughters on webcam message

When I tested the scam Sophos was presented with a (fake) message telling me that my Adobe Flash plugin had crashed and  needed to download a codec.

Dad catches daughters on webcam message

Codec downloadUsers should remember that they should only ever download updates to Adobe Flash from Adobe’s own website – not from anywhere else on the internet as you could be tricked into installing malware.

Ultimately, you may find your browser has been redirected to a webpage promoting a tool for changing your Facebook layout, called Profile Stylez and – on Windows at least – may find you have been prompted to install a program called FreeCodec.exe which really installs the Profile Stylez browser extension.

ProfileStylez

It’s certainly disappointing to see Facebook’s new security features fail at the first major outbreak – clearly there’s much more work which needs to be done to prevent these sorts of messages spreading rapidly across the social network, tricking users into clicking on links which could be designed to cause harm.

Source :- http://nakedsecurity.sophos.com

Eidos confirms website hack, email addresses and resumes stolen

Eidos Interactive

Image via Wikipedia

Eidos has revealed that resumes of job hunters and email addresses of video game fans have been stolen by hackers in an attack on the Eidos and “Deus Ex: Human Revolutionwebsites.

Square Enix, the parent company of Eidos, confirmed the hack in a PDF press release. (Why do companies publish their press releases as PDFs, anyway? That’s just daft.)

Here’s part of the statement from Square Enix:

Square Enix can confirm a group of hackers gained access to parts of our Eidosmontreal.com website as well as two of our product sites. We immediately took the sites offline to assess how this had happened and what had been accessed, then took further measures to increase the security of these and all of our websites, before allowing the sites to go live again.

Eidosmontreal.com does not hold any credit card information or code data, however there are resumes which are submitted to the website by people interested in jobs at the studio. Regrettably up to 350 of these resumes may have been accessed, and we are in the process of writing to each of the individuals who may have been affected to offer our sincere apologies for this situation. In addition, we have also discovered that up to 25,000 email addresses were obtained as a result of this breach. These email addresses are not linked to any additional personal information. They were site registration email addresses provided to us for users to receive product information updates.

There are two main risks here.

One threat is that if your email address is one of the 25,000 that has been stolen, you could receive a scam email (perhaps containing a malicious link or attached Trojan horse) that pretends to come from a video game company. After all, the hackers know that you’re interested enough in video games to give your email address to Eidos.

Secondly, the resumes from job hunters. This is a more serious problem. Just think of all the personal information you include on your CV: full name, date of birth, email and home address, telephone number, job history. This kind of information is a god-send to identity thieves interested in defrauding internet users.

So, it seems Sony is not the only video game company to be having problems with its computer security.

Lets hope the continuing stream of stories of companies having customer data stolen from them makes them take security more seriously in the future.

More information about the hack can be found on the KrebsOnSecurity blog.

Source :- http://nakedsecurity.sophos.com

You Can Now Tag Pages in Facebook Photos

Image representing Facebook as depicted in Cru...

Image via CrunchBase

Ever had the urgent need to tag the Coke can you’re holding in that beach picnic picture on Facebook? Well, now you can, as the social network has added the ability to tag Pages in Facebook photos.

Starting Wednesday (although the feature does not appear to be live yet), users will be able to tag Pages for Brands & Products as well as People (more options coming soon) in their Facebook photos.

Tagged photos will appear in the Photos tab of a Page, rather than on that Page’s Wall, and anyone can tag a Page — even if a user hasn’t “Liked” it. Page admins can also nix photos from the tab by going into Edit Page > Posting Options > and unchecking “Users can add photos.”

For those who concerned about their privacy, Facebook assures us that privacy settings will still apply; if your photos are visible to everyone, everyone will be able to see the tagged snap, and if your photos are set to “only friends,” only friends will be able to check out that pic of you standing in front of the local Rite Aid.

This move could definitely be beneficial to certain brands. Imagine if people started tagging themselves wearing, say, Levi’s jeans. All of those snaps would then go to the Levi’s Facebook Page and result in free advertising.

Source :- http://mashable.com

Hypocritical Facebook scores PR own-goal with sleazy attack on Google privacy

Image representing Facebook as depicted in Cru...

Image via CrunchBase

Facebook has been left red-faced after having to admit that it hired a PR agency to plant negative stories with the press about privacy concerns on Google.

The irony is, of course, that Facebook is hardly a shining example of how an online firm should protect its users’ privacy.

Here’s what happened:

* Facebook secretly hired giant public relations firm Burson-Marsteller to seed stories in the media about privacy concerns with Google Social Search.

Google Social Search example

The Social Search feature of Google scours the web for publicly available information about you from sites such as Twitter, Yelp, Picasa, and FriendFeed, and displays it in the search results of your online friends.

* Facebook’s plan backfired badly when Burson-Marsteller approached former FTC investigator and blogger Christopher Soghoian offering him the story, but refusing to reveal who its client was. An unimpressed Soghoian published the email exchange.

Amid much speculation, The Daily Beast news website revealed that the firm pulling Burson-Marsteller’s strings was Facebook.

* Facebook confirmed it had hired PR firm Burson-Marsteller to promote the company’s position against Google’s Social Search facility and admitted that it should have presented the issues in a “a serious and transparent way”.

This wouldn’t necessarily have been a problem, if the PR agency had been up-front that it was representing Facebook when pitching the anti-Google stories in the first place. What is seedy is that Facebook’s involvement was deliberately hidden.

This whole story reeks of poor judgement by Facebook and its PR agency.

And it’s rather hypocritical for Facebook to point fingers at possible questions over Google’s attitude to privacy, when its own house is in such a mess.

For instance, Facebook recommends that users adopt privacy settings that can reveal their personal data to anyone on the internet.

Facebook's recommended privacy settings

Don’t believe me? Read the small print in Facebook’s privacy policy:

"Information set to 'everyone' is publicly available information, may be accessed by everyone on the Internet (including people not logged into Facebook), is subject to indexing by third party search engines, may be associated with you outside of Facebook (such as when you visit other sites on the internet), and may be imported and exported by us and others without privacy limitations."

"The default privacy setting for certain types of information you post on Facebook is set to 'everyone.' You can review and change the default settings in your privacy settings. If you delete 'everyone' content that you posted on Facebook, we will remove it from your Facebook profile, but have no control over its use outside of Facebook."

In other words, if you make your Facebook information available to “everyone”, it actually means “everyone, forever”. Because even if you change your mind, it’s too late – and although Facebook say they will remove it from your profile they will have no control about how it is used outside of Facebook.

If Facebook really cared about your privacy online, wouldn’t it recommend more privacy-conscious settings and not default to sharing your profile information with search engines?

Facebook public search

If you’re interested in being safer on Facebook, read more about the security and privacy challenges that exist for Facebook users. You could also do a lot worse than follow the advice in our step-by-step guide for better security and privacy on Facebook.

And, if you’re a regular user of Facebook, be sure to join the Sophos page on Facebook to be kept informed of the latest security threats.

Full disclosure: Parts of Sophos, although not Naked Security, use Burson-Marsteller on some PR projects.

Source :- http://nakedsecurity.sophos.com

PREVENTING SPAM scam on Facebook does exactly the opposite

Image representing Facebook as depicted in Cru...

Image via CrunchBase

If you’re seeing Facebook messages asking you to “do your part in PREVENTING SPAM by VERIFYING YOUR ACCOUNT,” don’t do so – you’d be creating spam, not stopping it!

The messages look something like this:

Usually, however, the clickable links at the bottom of messages on your Wall – highlighted in pink below – should look like this:

The scammers have replaced the “Share” option with a link labelled “== VERIFY MY ACCOUNT ==”. Clicking this not only activates the Share option (which you no longer realise you’re pressing), but also invokes a raft of heavily obfuscated JavaScript from a site in the .info domain. (This site is blocked by the web protection software in Sophos‘s endpoint and web gateway products.)

With all the unexpected Sharing going on, this message has spread like wild-fire. Instead of preventing spam, this particular campaign has been generating it at astonishing rates.

The good news is that Facebook seems to have taken some action to prevent the “Share” button being replaced in these messages. Since a few minutes ago, malicious messages appear with no links at all, like this:

The lessons to be learned from this outbreak of spam are as follows:

* Assume that messages which ask you to verify your account by clicking on a link are false. You wouldn’t (I hope) click on links in emails which claimed to come from your bank trying to panic you about your account. That would be a classic phishing scam using a false site to steal your username and password. So don’t trust that sort of link on Facebook, either.

* When you take some action on Facebook which doesn’t deliver what was promised – for example, if you end up Sharing or Liking something you didn’t intend to, or if you click through to an offer or competition which suddenly morphs into something completely different (a bait-and-switch) – assume you have been tricked. Review the side-effects of your actions. Remove any applications you may trustingly have accepted; unlike things you didn’t mean to like; and delete posts you didn’t intend to make.

* Be wary of unexpected changes to Facebook’s interface for Liking, Commenting, Sharing and so forth. Unfortunately, the nature of social networking sites is that they like to undergo rapid change. Cybercrooks exploit this by assuming that you accept ongoing changes as “part of how things work”. Don’t do so. If you see something different, check with an official source to see if it’s expected or not.

If sufficiently many Facebook users dig their heels in every time Facebook makes a gratuitous or confusing change in its interface, its privacy settings or its feature set, then it’s possible that Facebook will learn to adapt in ways which best suit the privacy and safety of its users, instead of adapting to improve its traffic and benefit its paying customers.

(Remember that as a Facebook user, you aren’t a customer. You’re effectively an informal employee, paid not in cash but in kind. Your “wage” is free access to the Facebook system. Your clicks generate the value for which Facebook can charge its customers – the advertisers who benefit from the fact that you use the network at all. Don’t sell yourself short.)

Source :- http://nakedsecurity.sophos.com

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: