“Facebook scams are the most common online attack method, according to the 2016 edition of technology firm Cisco’s Annual Security Report, with 33,681,000 examples identified by the company’s researchers – just ahead of JavaScript attacks in its malware chart.
They are seen as a cost-effective method of compromising many users with relative ease, according to Cisco’s director of cybersecurity in the UK, Ireland and Africa, Terry Greer-King. Facebook scams take a number of forms, from fake news stories to suspect quizzes to pages that phish for users’ personal details.
One of the common tricks is to tempt users with click-bait headlines that seem to link to interesting or quirky news stories, but in fact lead to dangerous waters. Gavin Hammer, of social-media software firm Sendible, says: ‘The issue is they are legitimate websites who are paying to advertise, but are subsequently changing content. It’s the click-through with all the promise and no delivery.’ Viruses, worms, trojan horses, ransomware, spyware and other malware are installed in this way.
For all the scams that catch people out on Facebook, the social network has a lot of success in stopping many more. That has forced scammers to move off site to try to tempt users. Mike Lee, director of social media solutions at security firm Proofpoint, says there has been a drop in the kind of scams that try to get people to click on links to malware directly from Facebook.
‘One of the things that makes social media attractive to bad actors is its efficiency at delivering malicious content. A single comment on a popular Facebook page may be viewed by 10,000 followers,’ says Lee. ‘It’s much more difficult for a perpetrator to send out 10,000 scam emails that avoid spam filters.’ He also warns of a trend for fraudulent accounts pretending to impersonate trusted brands, creating profiles that impersonate that brand and then deliver scam lures. ‘For example, a bogus branded customer care account may direct fans to a bogus web site to reset their password as part of a system upgrade. That bogus web site is, of course, owned by the bad actor who is stealing credentials,’ he says.
James Maude, senior security engineer at Avecto turns to advice older than social media itself for a general rule of thumb. ‘The best advice is something that your parents probably taught you: if it looks too good to be true it probably is.’ ”
Read the full article here: Facebook Scammers: Expert Advice on How To Stay Safe