Already facing an uphill misinformation fight, Facebook loses to scammers, too

Facebook’s focus on misinformation is leaving an opening for another type of scam.

A partial screenshot of one of the scam profiles pushing an adult dating scam on Facebook.

Enlarge / A partial screenshot of one of the scam profiles pushing an adult dating scam on Facebook.

Responding to critics in the US Congress and elsewhere who say Facebook isn’t doing enough to stop the flow of disinformation, the social network in recent days has purged hundreds of accounts it found were designed to sway elections, sow social division, and prop up ruthless governments. The focus has left an opening for scammers who routinely use Facebook to send unsuspecting users to fraudulent dating sites.

Randy Abrams, a senior security analyst at Webroot, told Ars that the account belonging to one of his family members was recently compromised. The people behind the compromise used the hacked account to send Abrams requests to like various accounts, which all showed images of scantily clad women inviting visitors to view videos. Many of the fake profiles had followers and likes in excess of 6,500, an indication the scam has been gaining traction. At the time this post went live, the campaign remained active, even after Ars reported it to the company's PR representatives.

The videos redirected to a variety of sites that invited viewers to meet nearby women who wanted sex. Many of the images on these sites showed nude women and asked visitors to enter credit card numbers to proceed. Clicking the browser's back arrow created an endless series of new sites. The only way to get out of the never-ending loop was to close the tab.

Read 13 remaining paragraphs | Comments

Facebook is failing to meet the burden of securing itself, security chief says

Enlarge / Facebook Chief Security Officer Alex Stamos. (credit: Dave Maass)
Facebook is failing to live up to the responsibility it faces for adequately securing the vast amount of personal information it amasses, the social network’s top security e…

Enlarge / Facebook Chief Security Officer Alex Stamos. (credit: Dave Maass)

Facebook is failing to live up to the responsibility it faces for adequately securing the vast amount of personal information it amasses, the social network's top security executive said in a leaked phone call with company employees.

"The threats that we are facing have increased significantly and the quality of the adversaries that we are facing," Facebook Chief Security Officer Alex Stamos said during a taped call, which was reported Thursday by ZDNet. "Both technically and from a cultural perspective, I don't feel like we have caught up with our responsibility."

He continued:

Read 5 remaining paragraphs | Comments

McAfee Labs: Faceliker Surge Manipulates Facebook “Likes” to Promote News, Other Content

Criminals excel in manipulating the trust within human relationships, particularly as individuals project themselves into digital realms such as social media. We see it in phishing messages, which fool us into clicking on a malicious weblink from what …

Criminals excel in manipulating the trust within human relationships, particularly as individuals project themselves into digital realms such as social media. We see it in phishing messages, which fool us into clicking on a malicious weblink from what appears to be a benign organization with which we do business. We also see it in the much discussed area of “fake news” on social networks, where readers are likely to take news reports “liked” by friends as legitimate news stories. Much has been written about how “fake news” is promoted by bots and other amplification services, and how such promotion may have had an impact on recent elections.

The McAfee Labs Threats Report: September 2017, released today, identifies a notable surge in similar activity by the Faceliker malware. This Trojan manipulates Facebook accounts clicks to artificially “like” certain content. Faceliker accounted for about 8.9% of the 52 million new malware samples detected in the quarter. It was a key driver in the 67% overall growth for the category during the period.

Faceliker is not the fault of Facebook. Rather, it is something users bring to Facebook.

Faceliker infects users’ browsers when they visit malicious or compromised websites. It then hijacks their Facebook account clicks in such a way that users think they are liking one thing, but the malware is redirecting the click. It acts on their behalf to click another “like” button without their knowledge or consent, essentially making each user an accomplice in the click fraud scheme.

Users aren’t negatively impacted by the Trojan, but they do appear to over-like certain content, skewing like-ratings through fraudulent inflation. The actors behind malware such as Faceliker sell their services to the actors behind the content.

Suspicious users can remove unrecognized likes by surveying their record of behavior in their activity log. To its credit, Facebook has put up defenses that detect fraudulent likes and ask a user to confirm that they intended to click as their browser appeared to click.

McAfee Labs Vice President Vincent Weafer has commented that as long as there is profit in such efforts, we should expect to see more such schemes in the future.

“Faceliker leverages and manipulates the social media and app-based communications we increasingly use today,” Weafer said. “By making apps or news articles appear more popular, accepted, and legitimate among friends, unknown actors can covertly influence the way we perceive value and even truth.”

Please see more threat statistics and trends analysis in this quarter’s report and follow us on Twitter at @McAfee_Labs.

The post McAfee Labs: Faceliker Surge Manipulates Facebook “Likes” to Promote News, Other Content appeared first on McAfee Blogs.

Locky ransomware uses decoy image files to ambush Facebook, LinkedIn accounts

(credit: Aurich Lawson)
A low-tech but cunning malware program is worrying security researchers after it started spreading rapidly in the past week through a new attack vector: by forcibly exploiting vulnerabilities in Facebook and LinkedIn.
Accord…

(credit: Aurich Lawson)

A low-tech but cunning malware program is worrying security researchers after it started spreading rapidly in the past week through a new attack vector: by forcibly exploiting vulnerabilities in Facebook and LinkedIn.

According to the Israeli security firm Check Point, security flaws in the two social networks allow a maliciously coded image file to download itself to a user's computer. Users who notice the download, and who then access the file, cause malicious code to install "Locky" ransomware onto their computers.

Locky has been around since early this year, and works by encrypting victims' files and demands a payment of around half a bitcoin (currently £294; $365) for the key. Previously, it had relied on a malicious macro in Word documents and spam e-mails, but Check Point says that in the past week there has been a "massive spread of the Locky ransomware via social media, particularly in its Facebook-based campaign."

Read 6 remaining paragraphs | Comments