Have you noticed how dramatically different your online experiences are these days? Not only did we get new services like a Timeline rolled out to all of us, but we’re now seeing sponsored posts in our News Feeds and soon we’ll be able to purchase gifts for our friends’ milestones like birthdays. I like these innovations but I’ve also noticed new malware and dodgy “tricks” going on from cyber-tricksters and scam advertisers alike. And on our mobile devices, there are new and emerging problems to watch out for, like “smishing” (SMS-based phishing attacks) and greedy, information-gobbling “app goblins”.
In your social networks, you may have noticed these weird scam posts. These often start with items in a friend’s newsfeed that look like a cool or funny video with a link, a profile viewer “app”, or an offer on some high-heeled or sports shoes. None of these seem in character for your friend but sometimes the title or comment is so intriguing you find yourself clicking the link. Uh oh! And here’s how the scam might work: you click to see a video and your browser leaves the social network and goes to a fake social network login page. There you are prompted to re-enter your account credentials to see the video. And if you do, you’ve shared that info with a cybercriminal. Or you are instructed to download a video player, which likely includes malware that steals your private information. And even if you figure out this is a scam and click to close the window or click a button that says “return to (social network)”, you’ve actually clicked on some code that will repost the scam to your own news feed. This is commonly known as “clickjacking”: you “click” and your browser is “hijacked”. Fortunately, Facebook has added a feature that alerts you with a confirmation request when you click on a known bad link, which has really cut down on some of these issues. And I highly recommend using Norton's free Safe Web for Facebook to help, too.
More recently, I’ve noticed scary or amazing-looking photos (often doctored, but still) with hundreds of thousands of “Likes” and many thousands of comments. Now, if you were to follow the instructions on the photo of the man on the cliff’s edge, followed closely by a hungry bear, you would click “Like” and then type “Jump” to see the man jump; or click “Like” to see what happens to all the surfers when the big wave full of – what is that, seaweed? Or squid? – gets them. If you click on the comments, you’ll see that nothing happens, or people can’t get the point of the photo. Don’t bother clicking: these are Facebook Ad Scams, designed to get you to like the page, which seems to create value for the scammer by having large numbers of fans. You can do a web search on the terms “Facebook fan page for sale” and see how people have learned to monetize these photo tricks. You won’t get hit with malware but you are falling for a very unsatisfying prank that makes them money without giving you any treats.
Lastly, lots of us are enjoying mobile apps. Did you get a new iPhone 5 and are filling it with apps and games? Or a new Windows phone? Remember to stick to the authentic app store for your device and pay attention to the publisher of the app, how long it’s been available and how well liked it is among users. You want to avoid falling for scam apps that not only mimic popular and legitimate ones but could also harbor malware that steals private information and signs you up for premium services without your permission. And speaking of permissions, that’s the term for the levels of access you allow an app to have to your cell phone’s information: location, contact list, phone number, browser history and so forth. Make sure you are comfortable with the permissions you will allow. To learn more, go to www.mobilesecurity.com and click on App View at the top of the page.
(Image of Profile Viewer courtesy of techblog.omidfarhang.com)