Scammers will go to great lengths to steal your information, make money or deceitfully advertise. They’ll send phishing emails to steal passwords or unleash viruses on computers to hijack Web browsers. Scamming victims on the Internet doesn’t even have to be that arduous, especially since scammers can rely on your emotions and good intentions to deceive you.
In early 2014, CNN reported on a story about a photo of a smiling 7-year-old girl without hair posing in her cheerleading uniform. The photo was posted to Facebook and asked for “likes” as messages of support and prayers for her to beat cancer. In reality, the picture was almost six years old and never once posted to Facebook. The girl’s family had no clue it was even stolen from their Photobucket account and used for that purpose. The family, along with everyone who liked or shared the picture, were victims of like-farming — acquiring “likes” for fraudulent Facebook photos, posts and pages. Deceptive Facebook posts and pages garnering mass “likes” and shares are direct threats designed to spread a malware virus or collect personal information. Once scammers have your personalized data, such as location or age, they can use it to target a more dangerous attack like identity theft.
Like-Farming
Like-farming works by sharing viral content that’s fallacious and likely to receive hundreds of thousands of “likes” and shares. The more “likes” and shares a page receives, the higher its value and social visibility.
“It’s a way to trick Facebook’s algorithm,” describes CNN. Scott Kleinberg, a Chicago Tribune contributor, calls the liking scam a “sharing trap” — when people are manipulated into liking an emotionally gripping fake post as a scamming technique.
For example, a scammer may create a page dedicated to inspirational quotes and gain a large following. Then the scammer can strip the popular page to spread a virus, phish or advertise. The new page can be used to sell products or it can be sold to a black market website that now has access to your newsfeed. A scammer can also use the page as a way to spam users to click on links to spammy sweepstakes or giveaways. Information you provide by entering a fake contest could then be used for credit card or bank fraud.
Clickjacking
The threat of viral scammers and exploiting the Facebook “like” button hasn’t just recently shocked social networking. In 2010, scammers took advantage of the “like” button’s Javascript to create clickjacking exploits. Clickjacking tricks a user into clicking on a concealed link or revealing confidential information by accessing and performing actions on a hidden page. A user who clicks on the link implemented with the “like” button basically spreads pages virally throughout the site, explains The Guardian. Clickjacking, a browser-based attack, includes targeted links and catchy display text. Attracted to a sensationalized headline, the user will follow the link to a page that entices visitors to “click here!” After clicking on the page, an invisible iframe with a Facebook “like” button launches, and the link spreads. The “like” button embedded on an iframe enables the clickjacking attack to easily go viral as its exposure grows from newsfeed to newsfeed.
Best Practices for Prevention
Awareness is the first step to protect yourself. “Like” and share on Facebook vigilantly. If something sounds too good to be true or is obviously intended to monopolize on your emotions, it’s a red flag (e.g. an unbelievable trip giveaway or a picture of an abused animal at a pet shelter). Observe low-quality posts keenly, and don’t be afraid to report suspicious posts to Facebook as well. Securing your online activity and information with anti-virus security and even identity theft protection also provides extra assurance. Identity theft protection company LifeLock’s Facebook page offers valuable security information, from preventing identity theft consumer fraud to changing passwords because of the Heartbleed bug. Plus, if you are an AOL member, you can sign up for free LifeLock protection. Our Intego Mac Security Facebook page is another good resource for staying up-to-date on WindowsXP vulnerabilities and security risk mitigation.