Spammy Facebook apps are nothing new, the web giant has been dealing
with suspicious behavior apps since the website launched the Facebook
Platform for developers in 2007. As an open source app development tool,
anyone can create an app, including people who really just want to
steal your information, and your money.
With cyber crime including identity theft, on the rise, more Facebook
users should begin to pay closer attention to what they click on,
especially if it is shared in a spammy way. Sophos reports that nearly
60,000 people have clicked on one scam in particular, which is one that
promises to allow you to see who has viewed your profile. The app
automatically posts a comment to the users timeline, and sometimes posts
as a photo with the message ‘OMG OMG OMG… I cant believe this actually works! Now you really can see who viewed your profile ! on (link here). ‘
The app does not actually allow users to see profile views but instead
leads them, and anyone who clicks on the link posted to their wall, to a
phishing scam designed to steal personal information. And despite the
red flags, Sophos, who tracked a single link through bit.ly, found that
more than 58,000 people clicked on the link before it was shut down.
Real Life Example
Another all too common Facebook phishing app is the ‘Facebook Colors’
app which can appear as ‘Facebook Green’, ‘Facebook Red’, or in the
case of this demonstration ‘Facebook Black.’ The following app was
installed on a computer with a fully working antivirus including a link
scanner.
First, Facebook Black demonstrates a couple of spammy properties right
off the bat. Typically when real people post, they do not post a photo
and a comment, which is the first sign. Second, most will say something
other than ‘check it out’. Last but not least, if you see more
than one person posting the same comment with a link, you definitely
have a spam app on your hands. For anyone looking forward to installing a
black Facebook let’s look at where this particular app goes.
What this shows you is that despite being advertised as a Facebook
application, it’s actually a web browser app. You will have to allow it
on your Facebook first, but will then be asked to allow it in your
browser. Should you install it to test it out yourself, you can
uninstall it via your browser applications. After clicking ‘add’ you
would expect to be taken to a ‘black’ Facebook. Instead, you get this
page.
You can click on any of the three ‘ you've won’ options, although I
tested all three and while two led to phishing websites, one was
actually broken, which is more than a little hilarious. The broken link
actually goes to this page.
Which is absolutely nowhere, and just about the safest you will get with
this particular app installed on your browser. One of the other links
was slightly less benign, and was actually picked up by
the linkscanner on the browser.
Many Facebook scam and phishing apps promise users things that seem hard
to resist. Options such as profile personalization, viewing people who
spend time on your profile, and even some games can instead steal your
information or spam your friends with malware and viruses, and post
items on your wall without your permission. Most of these apps are
designed to make money for the maker in some way or another, and usually
that money is made off of you.
Warning Signs
Most apps on Facebook are perfectly benign and can be used without a
problem. There are however a couple of basic signs you can look out for
to help with recognizing scam and phishing apps.
- Automatic tagging and sharing links
- Automatic Commenting and sharing links
- Automatic Invitations
- Promised Features That You Haven't Already Seen in Use
- The App Vanishes With No Results After Being Installed
Removing a Spam or Phishing App from Your Facebook
If the app you have installed includes any of the following signs, you
might want to remove it as quickly as possible. The current version of
Facebook allows you to completely control which apps have access to your
profile by clicking the small gear in the upper lefthand corner. From
there, you can click ‘settings’ and then ‘apps’ from the app page. You
can remove anything in the apps that you are not familiar with or did
not install.
If the app has in fact installed to your browser, you can likely
uninstall it by going into tools and then extensions or add-ons
depending on which browser you are using.
Studies show that identity theft is once again rising to become the most
popular scam. Phishing emails and apps are the easiest way to steal
identity including name, phone number, credit card information, and even
home address. An estimated 12.6 million Americans were the victims of
Identity theft in 2012, a number that is nearly as high as the 2009
record of 13.9 million. The only way to protect yourself is by
exercising caution and thinking before you click.
Guest Post by Brandy Cross, freelance writer and tech blogger for The High Tech Society. She loves hot cups of tea, zombies, games, and learning new things.
No comments:
Post a Comment