{"id":62,"date":"2016-05-16T17:54:37","date_gmt":"2016-05-16T17:54:37","guid":{"rendered":"https:\/\/icaruspressblog.wordpress.com\/?p=62"},"modified":"2019-04-17T12:25:23","modified_gmt":"2019-04-17T12:25:23","slug":"facebook-spam-prevention-actually-a-spam-scam","status":"publish","type":"post","link":"https:\/\/hidefideas.com\/blog\/2016\/05\/16\/facebook-spam-prevention-actually-a-spam-scam\/","title":{"rendered":"Facebook Spam Prevention Actually a Spam Scam"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-63 alignleft\" src=\"http:\/\/hidefideas.com\/blog\/wp-content\/uploads\/2016\/03\/kingdom.jpg\" alt=\"kingdom\" width=\"319\" height=\"451\" srcset=\"https:\/\/hidefideas.com\/blog\/wp-content\/uploads\/2016\/03\/kingdom.jpg 500w, https:\/\/hidefideas.com\/blog\/wp-content\/uploads\/2016\/03\/kingdom-212x300.jpg 212w, https:\/\/hidefideas.com\/blog\/wp-content\/uploads\/2016\/03\/kingdom-106x150.jpg 106w\" sizes=\"auto, (max-width: 319px) 100vw, 319px\" \/>There\u2019s an old saying: in the kingdom of the blind, the one-eyed man is king. It seems like social media is chock-a-block with the blind, a fact the one-eyed men are wasting no time exploiting. If Web 2.0 does one thing well, it\u2019s that it makes jumping into the world of Facebook, Twitter and LinkedIn easy and pain free, meaning that anyone can \u2013 and does \u2013 jump into the fray, almost instantly getting started friending and trending, flagging and tagging. One doesn\u2019t have to be a techie to figure out how to use social media; one just has to start typing. In fact, it may be a little too easy. In the eyes of IT professionals, it\u2019s almost as if the hackers and spammers have hung a large shingle out &#8211; HELP WANTED. LACK OF TECHNICAL EXPERIENCE AN ASSET. 
So if anyone was wondering why the war between social media and spam feels like a losing battle, look no further than this.<\/p>\n<p>In the most recent spam scam to assault Facebook, users are being greeted with a message advising them to \u2018verify\u2019 their account, seemingly a noble act of spam prevention and surely not spam itself, right? Not so fast. Those rascally little hackers have swapped out the \u2018Like \u2013 Comment &#8211; Share\u2019 links with a \u2018== VERIFY MY ACCOUNT ==\u2019 link, making clicking eminently attractive and practically unavoidable for the uninformed user. Clicking the link, of course, has exactly the opposite effect advertised by the malware, not only posting the message on the user\u2019s wall, but in fact spreading JavaScript that, according to <a href=\"http:\/\/www.theregister.co.uk\/2011\/05\/12\/facebook_spam_prevention_scam\/\">The Register<\/a>, is \u201chighly obfuscated.\u201d (If interested, you can check out an interesting analysis of the script <a href=\"http:\/\/www.kahusecurity.com\/2011\/deobfuscating-the-facebook-spam-script\">here<\/a>.)<\/p>\n<p><strong>\u201c<\/strong>Facebook has become a veritable cesspool of spam, with fake links promising to show users things like how many people have visited your profile or the never-released photos of Osama bin Laden&#8217;s body,\u201d reports the <a href=\"http:\/\/www.freep.com\/article\/20110515\/NEWS09\/105150418\/Fake-Facebook-links-lead-big-trouble\">Detroit Free Press<\/a>. In fact, it seems that these clickjacking schemes have become the norm and Facebook, by its own admission, has only been able to react to the scams as they appear. \u201cWe&#8217;ve been shutting down the scammy pages that are the source of this spam as soon as we detect them or they&#8217;re reported to us,\u201d Facebook\u2019s Fred Wolens told the Free Press.<\/p>\n<p>So let\u2019s return to the kingdom of the blind. 
No disrespect to any Facebook user intended, but knowing how to recognize a genuine security threat often requires three things: experience, specialized understanding of what goes on under the hood, and the requisite savvy that comes with being an IT professional. The first one is easy. Think about the first time you learned that touching an open flame wasn\u2019t such a good idea. Anyone who\u2019s been nailed at least once by a malicious link will testify that they think twice before clicking again. The second and third, however, require specialized information that, simply speaking, isn\u2019t part of the average computer user\u2019s frame of reference. And to be fair to Facebook users everywhere, they shouldn\u2019t need to have that specialized knowledge. It would be counterintuitive to the concept that Facebook is <em>easy<\/em> to join. <em>Easy<\/em> to use.<\/p>\n<p>To give Facebook credit, last week the website <a href=\"http:\/\/www.cio.com.au\/article\/386517\/facebook_combats_spam_clickjacking_four_new_features\/?fp=4&amp;fpid=4\">announced<\/a> several new features implemented to combat clickjacking:<\/p>\n<p><strong>Web of Trust (WOT)<\/strong> \u2013 Web of Trust is a free service that grades sites based on user experience. Basically a community that relies upon reported links, WOT intercepts links in Facebook, warning the user that the link could be dangerous, if it has been frequently reported by the community.<\/p>\n<p><strong>Clickjacking Prevention<\/strong> \u2013 Since clickjacking is based on tricking the user into thinking they\u2019re clicking on one thing when in fact they\u2019re clicking on another, Facebook has implemented extra security measures to detect if links are trying to pretend they\u2019re something else. 
In essence, users will be required to confirm their choices when they click \u201cLike.\u201d<\/p>\n<p><strong>Cross-Site Scripting (XSS) Protection<\/strong><strong> \u2013 <\/strong>Malware often tricks users into pasting malicious code into the browser address bar. Facebook has added an extra layer of protection, providing a popup window advising the user that he or she is trying to address a bad link.<\/p>\n<p><strong>Login Approvals<\/strong> \u2013 Facebook has added an optional \u2013 but highly recommended \u2013 layer of security by offering two-factor authentication, meaning that whenever a user tries to log on to Facebook from a new device, he or she will also have to enter a code sent via SMS to the user\u2019s mobile device.<\/p>\n<p>If you\u2019re reading this and you have responsibility for office workers who have access to Facebook, you\u2019re probably already copying and pasting into an enterprise-wide email. &nbsp;That would be a wise choice.<\/p>\n<p>Let\u2019s face the facts. Social networking does a great job of bringing people together in cyberspace. The problem: it also makes it way too easy to put hackers, spammers and cyberpunks together with innocent users who are not trained \u2013 or even interested in being trained \u2013 in how to recognize malicious code and spam when and where it appears. As memberships continue to grow in unprecedented proportions, hackers will continue to figure out how to exploit the system.<\/p>\n<p>You had better hang on. The one-eyed men aren\u2019t going away anytime soon. In fact, they\u2019re fitting themselves for crowns.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There\u2019s an old saying: in the kingdom of the blind, the one-eyed man is king. 
It seems like social media is chock-a-block with the blind,&hellip; <\/p>\n","protected":false},"author":3,"featured_media":63,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,14],"tags":[11,9,10,8,7],"class_list":["post-62","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-spam","tag-allspammedup","tag-bot","tag-botnet","tag-malware","tag-spam","jsn-master"],"_links":{"self":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts\/62","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/comments?post=62"}],"version-history":[{"count":3,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts\/62\/revisions"}],"predecessor-version":[{"id":1858,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts\/62\/revisions\/1858"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/media\/63"}],"wp:attachment":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/media?parent=62"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/categories?post=62"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/tags?post=62"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}