Blog Archives

PREVENTING SPAM scam on Facebook does exactly the opposite

Image representing Facebook as depicted in Cru...

Image via CrunchBase

If you’re seeing Facebook messages asking you to “do your part in PREVENTING SPAM by VERIFYING YOUR ACCOUNT,” don’t do so – you’d be creating spam, not stopping it!

The messages look something like this:

Usually, however, the clickable links at the bottom of messages on your Wall – highlighted in pink below – should look like this:

The scammers have replaced the “Share” option with a link labelled “== VERIFY MY ACCOUNT ==”. Clicking this not only activates the Share option (which you no longer realise you’re pressing), but also invokes a raft of heavily obfuscated JavaScript from a site in the .info domain. (This site is blocked by the web protection software in Sophos‘s endpoint and web gateway products.)

With all the unexpected Sharing going on, this message has spread like wild-fire. Instead of preventing spam, this particular campaign has been generating it at astonishing rates.

The good news is that Facebook seems to have taken some action to prevent the “Share” button being replaced in these messages. Since a few minutes ago, malicious messages appear with no links at all, like this:

The lessons to be learned from this outbreak of spam are as follows:

* Assume that messages which ask you to verify your account by clicking on a link are false. You wouldn’t (I hope) click on links in emails which claimed to come from your bank trying to panic you about your account. That would be a classic phishing scam using a false site to steal your username and password. So don’t trust that sort of link on Facebook, either.

* When you take some action on Facebook which doesn’t deliver what was promised – for example, if you end up Sharing or Liking something you didn’t intend to, or if you click through to an offer or competition which suddenly morphs into something completely different (a bait-and-switch) – assume you have been tricked. Review the side-effects of your actions. Remove any applications you may trustingly have accepted; unlike things you didn’t mean to like; and delete posts you didn’t intend to make.

* Be wary of unexpected changes to Facebook’s interface for Liking, Commenting, Sharing and so forth. Unfortunately, the nature of social networking sites is that they like to undergo rapid change. Cybercrooks exploit this by assuming that you accept ongoing changes as “part of how things work”. Don’t do so. If you see something different, check with an official source to see if it’s expected or not.

If sufficiently many Facebook users dig their heels in every time Facebook makes a gratuitous or confusing change in its interface, its privacy settings or its feature set, then it’s possible that Facebook will learn to adapt in ways which best suit the privacy and safety of its users, instead of adapting to improve its traffic and benefit its paying customers.

(Remember that as a Facebook user, you aren’t a customer. You’re effectively an informal employee, paid not in cash but in kind. Your “wage” is free access to the Facebook system. Your clicks generate the value for which Facebook can charge its customers – the advertisers who benefit from the fact that you use the network at all. Don’t sell yourself short.)

Source :- http://nakedsecurity.sophos.com

Advertisements

Facebook Launches ‘Send’ Button For More Selective Sharing, Announces 50 Million ‘Groups’


Facebook’s increasingly ubiquitous ‘Like’ button is getting a new friend: the Send button. Click on a webpage that has the Send button integrated, and you’ll be prompted to share it with any of your Facebook Groups, your Facebook friends, or any standard email address. In other words, where the Like button is designed to let you quickly share content with all of your Facebook friends, the Send button is for sharing with a subset of them.

Site designers are groaning right now (they have yet another sharing widget to integrate), but it’s a logical step for Facebook — there are certainly times when you want to share links with a handful of friends instead of your News Feed, and this gives you one less reason to fire up your non-Facebook email account. 50 sites are launching with the feature.

In addition to the new Send button, Facebook is adding a handful of features to its existing Groups product, which was overhauled last October. First is the introduction of photo albums for Groups. Before now it’s been possible to upload a single photo to a group, and now you’ll be able to upload a whole set. These photo albums are unusual because they’re walled within the Group — only other group members will be able to see them (even tagged photos aren’t visible to people on the outside).

The second addition is integration with Facebook Questions, which re-launched last month. Now you can pose a question that’s contained within the group.

Finally, and most important, is a new setting that will require Group administrators to approve any new members who have been invited to join the group. Up until now anyone within a Facebook Group was able to invite any of their friends (the idea was that you’d be violating the ‘social contract’ if you started inviting people who didn’t belong). But now Facebook recognizes that there are some groups that should be more private, so you can require admin approval.

Provided it gets broad distribution (which seems a given), the Send button will probably lead to a boost in Groups usage. It’s always been easy to share links within Groups, but this lowers the bar even further because you don’t have to leave the page you’re reading — you can imagine people using the button to share book reviews with their book club, close friends sharing new ideas for travel destinations, and so on.

And while ‘Send’ may not sound especially exciting given how long other sharing widgets have been around, this is yet another step in Facebook’s mission to reinvent email with their own “modern messaging system“, as CEO Mark Zuckerberg called it. One by one, they’re integrating easy ways to complete tasks that have traditionally been done over email. Today’s launch — sending links to friends — is obviously a huge one, and you can be sure they have others in the works. One other email-replacing feature I’ve heard about (though I’m not sure they’re still working on it): a way to send a structured poll to a subset of your friends.

Facebook says that there are now 50 million Facebook groups, and while not all of these are active, it says that the majority of them are.

Source :- http://techcrunch.com

Facebook Scam: Fake Event Invitation Claims To Show Who Viewed Your Profile

Another day, another Facebook profile scam.

This latest con, promising a peek at who has viewed your profile, is spreading via an event invite titled “WOW Now you can see anyone who looks at your profile!”

The invitation includes a link to a page that resembles a Facebook event page. Here, instructions guide you through copying and pasting a piece of javascript into your browser’s address bar, which you definitely don’t want to do.

Clicking the event’s “I’m Attending” button–don’t!–will likely push the scam to your friends’ news feeds.

In addition, an equally unsafe how-to video on getting free Facebook credits is embedded at the bottom of the phony page.

These kinds of Facebook scams surface frequently, sometimes as fake apps, other times as spammy Wall posts or instant messages. As usual, you should be wary of any Facebook event, app or message that promises to reveal who is looking at your profile.

If you’ve accidentally clicked on this invite, we recommend you remove all traces of the event from your news feed and wall, and double check your Facebook app settings.

Source : http://www.huffingtonpost.com

Facebook Like to get Share button feature

Tests are being conducted including very limited number of Facebook users

Popular social network Facebook s Like button has given birth to thousands of serial likers (Yes, I just made it up). Apparently to live up to the true motive of liking and sharing user-generated or uploaded content, Facebook had introduced new Share button last year. Till date, you could like almost everything on Facebook but can t share the same in your News Feed with your connections. Mashable reports that the Like button is soon getting Share functionality and thereby you can share the posted content with others.

Upcoming features at Facebook always keep showing up during the testing phase. Facebook spokeswoman Malorie Lucich informed that Facebook will continue to carry the Share button on the website. Lucich said, We re always testing new products that incorporate developer feedback as we work to improve the Platform experience, and have no details to share at this time.

Basically any post, photo, video, or link you Like on Facebook would get the Share functionality as well so that you can share it with others. In a way, it s just going to increase the noise by duplication of same post. To Like something on Facebook is very different from sharing it with others.  Marketers and publishers would certainly admire the new Share functionality of the Like button since the audience will be anticipated to like and share the content.
Like & Share buttons

The new feature has its own set of merits and demerits. The merit lies in the fact that users can share whatever they like with others after hitting Like button. But the demerit lies in the fact that just because one hits Like button doesn t mean user wants to share it with his/her friends. In fact just like several complain about certain users hitting Like button for everything and everywhere possible, it just becomes difficult to judge accurately whether the purpose was served or not.

The share functionality for Like button would be visible mostly on the Facebook web interface and mobile interface only. It won’t impact the individual Like and Share plugins available as part of Social Plugins. However, we do not underestimate the Facebook users for several know what each feature stands for. Hence I hope if and when this new feature rolls out, users will make use of it judiciously.

%d bloggers like this: