Tag Archives: facebook

Facebook Messenger app stirs privacy pot

Lately, you may have noticed that when you try to send messages through Facebook’s mobile app on your phone and tablet, you are prompted to download the standalone Facebook Messenger app. It’s a cool app which allows you to message your Facebook friends, send picture and video messages, and call any of your Facebook friends […]

New avast! Account with Facebook Security is here. Join Beta testing

Security and privacy on Social Media is a big topic at AVAST. While our antivirus products protect your various devices from malware infection spread on social channels, your privacy is still exposed to the public. Not anymore! It’s been a while since we acquired Secure.me, and it’s a superb product. Our team worked hard to […]

Your child on Facebook: learn about the privacy settings

Security matters to everyone, however security of our children is our top priority. We make sure that they are safe at school, home, and on the streets. Equally we need to provide them with a safe experience in the cyberworld. Recently, we published a blog about general online security of the children, which suggested that […]

Hacking Facebook: Scammers Trick Users to Gain Likes and Followers

Late last week, Facebook users in India were tricked by scammers who were claiming to offer a tool that could hack Facebook in order to obtain passwords belonging to the users’ friends. Unfortunately for these users, they actually ended up hacking their own accounts for the scammers and exposed their friends in the process.

Figure 1. Scam promoting how to hack your Facebook friends

Want to hack your friends?
A post began circulating on Facebook from a particular page featuring a video with instructions on “Facebook Hacking” with a disclaimer stating that it was for education purposes only. The post links to a document hosted on Google Drive that contains some code that, according to the scam, will allow users to reveal their friends’ Facebook passwords. The instructions attempt to convince the user to paste the code into their browser console window and ask them to wait two hours before the hack will supposedly work.

You just hacked yourself

Figure 2. Facebook account hijacked to follow and like various pages

What really happens when you paste this code into your browser console window is that a series of actions are performed using your Facebook account without your knowledge. Behind the scenes, your account is used to follow lists and users, and give likes to pages in order to inflate the follower and like counts defined by the scammers.

Figure 3. What does the Fox say? I have over 56,000 likes!

Your account is also used to tag the names of all your friends in the comment section of the original post. This is done to help the scam spread further, playing off the curiosity of your friends, who may visit the post to find out more and hopefully follow the instructions as well.

Figure 4. User’s compromised account tags friends in the original scam post

What is this type of scam called?
This scam is a variation of a method known as self-XSS (self cross-site scripting), where a user is tricked into copying and pasting code into their browser’s console that will perform various actions on their behalf.

Facebook is trying to discourage users from unwittingly causing harm to their accounts through this method. Some users that attempt to paste code may receive a warning from within their browser’s developer console that points to the following link:

https://www.facebook.com/selfxss

Is this type of scam new?
This type of scam originally began circulating back in 2011. This current iteration has been around since at least the beginning of 2014.

The original scammers behind this iteration had great success with the scam at the beginning of this year, netting between 50,000 and 100,000 likes and followers on a number of pages and profiles. Some of the variable names in the code (mesaj and arkadaslar) suggest the authors are of Turkish descent.

Why is this affecting users in India?
For this campaign, the individuals responsible are based in India. They have modified the original authors’ code by simply adding their own pages and profiles into the script to increase their follower and like counts.

What to do if you have fallen for this scam
If your account has liked and followed a number of pages and profiles without your consent, you should review your activity log. From your activity log, you can locate, unlike and unfollow the pages and profiles associated with this scam. You should also consider posting a status update notifying your friends about the scam to make sure they don’t fall for the same trick.

The opposite of ethical hacking

Figure 5. Scammers label their efforts as “ethical hacking”

While investigating this scam, we found that the individuals behind it were publicly discussing their efforts. Speaking in Punjabi, one of the individuals summed it up by saying, “Now this is the way ethical hacking is happening.” However, these efforts couldn’t be further from the concept of ethical hacking.

A lesson learned
Always remember that if it sounds too good to be true, it is. Being able to hack someone’s Facebook password by just pasting some code into your browser sounds way too easy and should signal that this is a scam. At the end of the day, your account would be impacted and the safety of your account could be at risk. It’s best to err on the side of caution and think twice before following instructions that ask you to paste code into your browser to hack passwords or unlock features on a website.

Facebook is spring cleaning your News Feed

Last year, Facebook had the dubious honor of containing more spam than other social networks. In order to combat this scourge, Facebook recently announced a series of improvements to the News Feed to help ensure that spammy content does not drown out the posts that people really want to see from friends and Pages they […]

?????????????????? Facebook ?????????????????

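Politicians are constantly being used on phishing sites, and with India’s general election now under way, phishers have begun targeting Indian users with a local politician and his party as bait.

Symantec recently observed a phishing site that spoofs Facebook’s appearance and includes Arvind Kejariwal, the former chief minister of New Delhi and leader of the Aam Aadmi Party. The server hosting the phishing site was located in Lansing, Michigan, in the United States.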

Figure 1. The fake “like” button and a photo of Arvind Kejariwal shown on the phishing site

As the image above shows, the phishing site is titled “Unite With Us Against Corruption” and uses an Aam Aadmi Party poster and a fake Facebook “like” button. The site’s background image is a photo of the party’s leader, Arvind Kejariwal, along with the motto he recently posted on Twitter: “Political revolution in India has begun. Bharat jaldi badlega.” The last phrase means “India will soon change.”

Clicking this “like” button prompts the user to enter their Facebook login credentials in order to “like” the Aam Aadmi Party page.

Figure 2. Users are asked to enter their Facebook login credentials to “like” the Aam Aadmi Party page

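The login instructions used on this phishing page are also misleading. Instead of naming the Aam Aadmi Party, they ask the user to log in with their Facebook details and “like” pictures of a cute girl. A phishing site that used pictures of a girl in the same way has appeared before. Phishers often reuse the same template to host different applications, but this time they apparently forgot to change the description about the cute girl pictures. After the user enters their login credentials, the phishing site redirects to a confirmation page, which asks the user to click a “like” button once more.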

Figure 3. The login confirmation message and “like” button shown on the confirmation page

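The confirmation page displays the email address entered on the previous login page. Next to the “like” button is a count of the likes the Aam Aadmi Party has supposedly received so far, but the number is fake. The button is also a dummy and performs no function. Users who fall for this trick and enter their personal information have it stolen and used for identity theft.

When using the Internet, we recommend taking every possible measure to guard against phishing attacks.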

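  • When logging in to your account, check the URL in the address bar and confirm that it is the address of the website you intend to visit.
  • Do not click suspicious links in email messages.
  • Do not include personal information when replying to email.
  • Do not enter personal information in pop-up pages or pop-up windows.
  • When entering personal or account information, confirm that the website is encrypted with SSL by checking for a padlock (image or icon), the letters “https”, or a green address bar.
  • Use comprehensive security software, such as Norton Internet Security or Norton 360, that protects against phishing and social networking scams.
  • Do not carelessly click links sent by email or posted on social networks, however enticing they are.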

 

 


Phishers Spoof Facebook Appearance and Promote India’s Aam Aadmi Party

Politicians are frequently featured on phishing sites and in light of the ongoing general election in India, phishers are starting to target Indian users by using a local politician and his party as bait. 

Symantec recently observed a phishing site which spoofs Facebook’s appearance and includes Arvind Kejariwal, the former chief minister of New Delhi and leader of the Aam Aadmi Party. The phishing site was hosted on servers based in Lansing, Michigan in the US. 

Figure 1. A fake Facebook “like” button and a picture of Arvind Kejariwal on the phishing site

As seen in the previous image, the phishing site, titled “Unite With Us Against Corruption”, uses a poster of the Aam Aadmi Party along with a fake Facebook “like” button. The site’s background image is a picture of the party’s leader Arvind Kejariwal and his latest Twitter tagline, which states that “Political revolution in India has begun. Bharat jaldi badlega.” The second sentence translates to “India will soon change”. 

After clicking on the “like” button, users are prompted to input their Facebook login credentials so that they can “like” the Aam Aadmi party page. 

Figure 2. Users are asked to input their Facebook login data to “like” the Aam Aadmi party page

The phishers also used a misleading login prompt in the phishing page. Instead of mentioning the Aam Aadmi Party, the page tells users to log in with their Facebook details to like cute baby pictures. Symantec has already seen a similar phishing site which used a picture of a young girl. Phishers frequently use the same template to host different applications but this time, they forgot to change the reference to cute baby pictures. After the user enters their login credentials, the phishing site redirects the user to an acknowledgment page. The Web page then asks the user to click another “like” button.

Figure 3. A login confirmation and the “like” button on the acknowledgement page

The email address entered in the previous login page is now displayed on the acknowledgement page. The “like” button is placed beside a fake number that claims to show the number of likes the party has already gained. However, the button is just a dummy and does not perform any functions. If users fell victim to the phishing site by entering their personal data, phishers would have successfully stolen their confidential information for identity theft purposes.

Symantec advises Internet users to follow these best practices to avoid becoming victims of phishing attacks.

  • Check the URL in the address bar when logging into your account to make sure it belongs to the website that you want to visit
  • Do not click on suspicious links in email messages
  • Do not provide any personal information when replying to an email
  • Do not enter personal information in a pop-up page or window
  • Ensure that the website is encrypted with an SSL certificate by looking for a picture of a padlock image or icon, “https”, or the green address bar when entering personal or financial information
  • Use comprehensive security software, such as Norton Internet Security or Norton 360, to protect you from phishing and social networking scams
  • Exercise caution when clicking on enticing links sent through emails or posted on social networks
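
The first and fifth recommendations above (check the address bar, look for “https”) can be made mechanical by comparing the parsed host of a URL with the site you expect, rather than looking for the site’s name somewhere in the string. This is an added example, not code from the original post; `checkLoginUrl`, `EXPECTED_SITE` and the sample URLs (which use the reserved `.example` domain) are constructed for illustration.

```javascript
// Added example: does this URL really belong to the expected site?
// EXPECTED_SITE and SAMPLES are constructed for illustration.
const EXPECTED_SITE = "facebook.com";

function checkLoginUrl(rawUrl, expectedSite = EXPECTED_SITE) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG parser: lowercases and IDN-encodes the host
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not served over https" };
  }
  // Anything before "@" is userinfo, not the host the browser connects to.
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo before @ hides the real host" };
  }
  // Ignore a trailing root dot, then require the expected site itself
  // or a subdomain of it. A substring match would accept lookalikes.
  const host = url.hostname.replace(/\.$/, "");
  if (host !== expectedSite && !host.endsWith("." + expectedSite)) {
    return { ok: false, reason: `host ${host} is not ${expectedSite}` };
  }
  return { ok: true, reason: `host ${host} belongs to ${expectedSite}` };
}

// Constructed sample URLs: one genuine form and five lookalike patterns.
const SAMPLES = [
  "https://www.facebook.com/login.php",               // genuine host
  "http://www.facebook.com/login.php",                // right host, no TLS
  "https://www.facebook.com.login.example/",          // name used as a subdomain
  "https://login.example/www.facebook.com/login.php", // name only in the path
  "https://www.facebook.com@login.example/",          // name only in userinfo
  "https://notfacebook.com/login.php",                // name is a suffix only
];

function auditSamples() {
  return SAMPLES.map((u) => ({ url: u, ...checkLoginUrl(u) }));
}

for (const r of auditSamples()) {
  console.log(r.ok ? "OK  " : "FAIL", r.url, "-", r.reason);
}
```

Every sample contains the string “facebook.com”, which is why the comparison is made on the parsed host and not on the raw text.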