As Facebook beefs up its security, hackers and spammers are constantly looking for new ways to infect users. As Facebook’s popularity grows (not that it isn’t already the most popular website), so does the amount of spam and scams. Facebook has such an infestation of these things that I’d bet that if you’ve been on Facebook for a decent amount of time, you have come across at least one such scam. But why do such scams exist? And why do they spread so quickly when they are a bad thing and people try to avoid them? In this post, we’ll discuss these questions and see how scams can be avoided.
What can these scams do?
For a start, these scams are like biological viruses, which take steps to ensure their own survival by replicating or spreading themselves. Hence, these scams go ‘viral’ in the literal sense, spreading from one user to the next. As for what these scams can do, well, there are lots of reasons they are made.
Some of them are harmless, and are only intended to trick users into visiting their host site and clicking on ads so they can make some money. But some are built for much more sinister purposes, such as phishing. They can gain access to your information, and make it public. Even your password can be gained this way, which will result in you being locked out of your account. Whatever the intention, it’s best to stay away from them.
How do these scams spread?
Matt Jones, a member of Facebook’s Data and Security team, explains this. There are two basic ways these scams spread: share-baiting and cross-site scripting (self-XSS). Here is a video explaining these concepts.
Video: http://www.youtube.com/watch?v=9w9787kYNbU
Share-baiting is basically asking people to share a link in order to be able to watch a video or see an image. Most of these are accompanied by challenges to the users, such as “98% of the people can’t watch this video for more than 25 seconds” (as it says in the video). If you have been using Facebook for some time, you will find this somewhat familiar. Last year, a great many of these scams hit Facebook, saying things like “This mother went to prison after doing this to her son” or “You will be stunned after watching these images” or “I bet you can’t bear to watch all of these images” and so on. Notice that these taglines either pose challenges to the readers, or sound so interesting that many can’t resist clicking on them. And before anyone can see these images, they have to share the post with all their friends. And this is just the first part of the strategy.
The second part is self cross-site scripting (self-XSS). Cross-site scripting usually involves a Flash video and some JavaScript wizardry. It isn’t magic, just a simple trick. During a video, these scams will ask you to perform some action and press some shortcut keys that will paste a special piece of JavaScript code into the address bar of your browser. This code will execute and will share the post on your profile without your knowledge! Of course, Facebook can’t do much about this, because the JavaScript code works just as if you had shared the post yourself. Besides sharing, there’s much more these code snippets can do.
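The paste-into-the-address-bar trick described above depends on the pasted text beginning with a `javascript:` scheme. As an added example (not from the original post, from Facebook, or from any browser's code), here is one way a URL field could neutralise such pasted text; the function names, the `#url-field` selector and the sample strings are assumptions constructed for illustration.

```javascript
// Added illustration: neutralise script-scheme text pasted into a URL field.
// All names and sample inputs here are constructed for this example.

// URL parsers drop ASCII tab/newline characters and leading spaces or control
// characters, so "java\tscript:" still counts as the javascript: scheme.
function normaliseForSchemeCheck(text) {
  return text.replace(/[\t\n\r]/g, '').replace(/^[\u0000-\u0020]+/, '');
}

const SCRIPT_SCHEME = /^javascript:/i;

// Returns { blocked, safeText }. The scheme is stripped repeatedly so that
// "javascript:javascript:..." cannot survive a single pass; what is left is
// inert text for the field, not something that will be executed.
function sanitisePastedUrl(text) {
  let rest = normaliseForSchemeCheck(text);
  let blocked = false;
  while (SCRIPT_SCHEME.test(rest)) {
    blocked = true;
    rest = normaliseForSchemeCheck(rest.replace(SCRIPT_SCHEME, ''));
  }
  return { blocked, safeText: blocked ? rest : text };
}

// Constructed sample inputs: ordinary links and harmless script-scheme text.
const SAMPLES = [
  'https://www.facebook.com/',
  'javascript:void(0)',
  '  JavaScript:void(0)',
  'java\tscript:void(0)',
  'javascript: javascript:void(0)',
  'https://example.com/?q=javascript:void(0)',
];

function classifySamples() {
  return SAMPLES.map((s) => sanitisePastedUrl(s).blocked);
}

// Browser-only wiring (skipped elsewhere): intercept paste on a hypothetical
// "#url-field" input and insert the sanitised text instead.
if (typeof document !== 'undefined') {
  const field = document.querySelector('#url-field');
  if (field) field.addEventListener('paste', (event) => {
    const result = sanitisePastedUrl(event.clipboardData.getData('text'));
    if (result.blocked) {
      event.preventDefault();
      field.value = result.safeText;
    }
  });
}
```

Only text whose scheme is `javascript:` is altered; a link that merely contains that string in its query is left untouched.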
Whose fault is this?
Of course the blame goes to the person who created such a scam. But blaming them would have as much effect as talking to a rock. On a smaller level, I think everyone is to blame, from browsers, to Facebook, to the users. The users are of course on the front line. They need to be the most careful. And in all the cases, it’s the user’s fault. But there are things that Facebook can do as well. Usually, XSS comes through Flash videos. These unreliable videos contain the malicious code. Reliable video sources such as YouTube don’t allow any such thing. So what Facebook can do is disallow videos from any unreliable sources, and check suspicious videos individually for scams.
These scams also stem from browser vulnerabilities. According to Matt, Google Chrome and Safari are susceptible to these kinds of attacks. Other browsers like IE9 or Firefox disallow such scripting. Hence, at some level, browsers can be blamed as well. But it’s really up to you to decide whether you want to spread scams or not. Learn to spot scams and spam, and avoid them. And always stay safe 🙂
Facebook seems to be coping very well with it. Comparing the situation now to the one in the past, they have improved. Once, there was a craze of social apps on Facebook; then they started to spread spam, so Facebook made relevant changes to halt them.
I’m looking to get a qualified writer, long time in this area. Outstanding post!