Cyber ​​criminals target Facebook users again

Farmville and “Sex and the City 2” as bait for fake “likes” posts

PandaLabs warns of a new threat to users of social networks in which the Facebook "Like" button is being misused for criminal purposes. Victims are logged in Facebook users who receive news on top topics such as Farmville or the film "Sex and the City 2".

{jumi [plugins/content/jumi/newsgrafik.php]}

This will lure you to pages outside of Facebook, where you can click the "Like" button. This can lead to misuse of your Facebook profile. An automated text that recommends visiting certain websites appears in the user's profile with the "Like" symbol. In this way, cybercriminals can, for example, increase the access rates to pages with which they earn money or on which further malware is lurking.

{jumi [plugins/content/jumi/news.php]}

Facebook has over 400 million active users worldwide. Internet criminals use the reach of this large platform to increase the number of clicks on their websites and to earn money with it. They use the technique of “clickjacking”, a mixture of “to click” and “to hijack” (robbery): Facebook users receive status messages from their friends in the form “Your friend likes Farmville”. If interested Facebook users click on Farmville in this case, they will be directed to external websites. These websites ask the user to click on a link to have full access to information, videos and photos on the website. However, something else happens in the background if the user follows the request and is logged into Facebook at the same time. Because a "Like" post including an automated text appears on your pin board. So Facebook users unwittingly recommend these websites to their friends. The "clickjacking" uses a very simple application that uses the Javascript command of the "Like" button. Luis Corron, Technical Director at PandaLabs, reminds this spreading technique of "computer worms, although at this point in time no malware is spreading".

The advantage for cybercriminals has so far been elsewhere. The more Facebook friends click on the fake posts and links, the more they earn from the clicks. The business model is based on the pay-per-click system. By luring unsuspecting users to websites with advertisements, the income of the cybercriminals' partners increases. The websites also offer all kinds of tests for which the participants have to pay. Luis Corrons warns: "Facebook users should not only be careful when surfing, but also with messages that they receive via Facebook and that contain links, whether in the inbox or on the pin board." (mh)

 

Panda Security