Filed under: Security, News, web 2.0
Did you realize some Facebook apps are being used to steal your data?

Attacks like this rarely limit themselves to one avenue. So where do the bad guys go to find victims when they're not busy spamming? Why, the world's number one social networking site, of course!
Yep. Facebook, with its millions of users and juicy apps platform, is the perfect place for this type of vermin to set up shop. Trend Micro has previously found several phishing scams that lured people to fake (but convincing) Facebook sites to harvest data. Now, however, they're doing it to you from the inside.
Trend researchers have discovered three applications so far that run on the Facebook apps platform. They can post notifications to your timeline, just like any legitimate app. The actual phishing is still done off-site, but the look is very, very convincing and you're returned to your Facebook profile afterward. It looks innocent enough, but once you've entered your credentials there's no telling what someone has planned for them.
Once Facebook receives notice that something like this is going on, the apps are typically shut down very quickly. They can, however, reappear with different names and the same old tricks.
How do you protect yourself? Many antivirus products include some element of phishing defense, but you may also want to use additional protection like WebOfTrust or AVG's LinkScanner. They'll notify you with big, red warnings when you're on a website that isn't trusted.
Apart from that, be careful what apps you install and make sure you only enter your Facebook username and password on Facebook.com. If the domain in your web browser's address bar doesn't match, exercise caution.
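The address-bar check described above, written out as an added example (not code from this article or from any of the tools it names): it parses a URL and accepts it only when the host is facebook.com or a true subdomain of it. The sample URLs are constructed, and requiring HTTPS is an assumption of this example.

```javascript
// Added example; sample URLs are constructed and never contacted.
const TRUSTED_DOMAIN = "facebook.com";

// Decide whether a URL really belongs to the trusted domain.
function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { trusted: false, reason: "not a valid absolute URL" };
  }
  // Assumption of this example: a login page must be served over HTTPS.
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not HTTPS" };
  }
  // "https://facebook.com@login.example/" puts the familiar name in the
  // userinfo part; the real host is whatever follows the "@".
  if (url.username || url.password) {
    return { trusted: false, reason: "credentials embedded before the host" };
  }
  // URL lowercases the host; drop a trailing root dot before comparing.
  const host = url.hostname.replace(/\.$/, "");
  // Exact match or a true subdomain. Comparing from the right rejects
  // "www.facebook.com.login.example" and hosts that merely end in the
  // same letters without a separating dot.
  if (host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN)) {
    return { trusted: true, reason: "host is " + host };
  }
  // International look-alike letters are converted to punycode ("xn--").
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { trusted: false, reason: "look-alike international host " + host };
  }
  return { trusted: false, reason: "host is " + host };
}

// Constructed samples: one genuine address and three common disguises.
const samples = [
  "https://www.facebook.com/login.php",
  "https://www.facebook.com.login.example/",
  "https://facebook.com@login.example/",
  "https://f\u0430cebook.com/", // Cyrillic "а" in place of Latin "a"
];
for (const s of samples) {
  const r = checkLoginUrl(s);
  console.log((r.trusted ? "OK      " : "SUSPECT ") + r.reason);
}
```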

Reader Comments (Page 1 of 1)
Saint Seminole said 1:31PM on 8-20-2009
Certainly good advice, for any website. Unfortunately, Facebook's very infrastructure makes this approach easy, since every app you install asks the dangerous question: "Can we get all your data, at any time, without asking you again?" And people keep clicking on those things.
It was that very "app approval" process that scared me away from Facebook in the first place, along with the site's own TOS, which basically asks the same question, in addition to claiming rights to your photos, etc. (Yes, I'm one of those odd people who reads the TOS before signing up to something...)
Rich said 2:25PM on 8-20-2009
Just yet another example why to avoid Facebook.
Marco said 2:20PM on 8-22-2009
Good article, Lee.
I realized something weeks ago. Actually, I hate Facebook and all this web 2.0 style social networking. I have real friends and don't need to stay in contact with them via some network lol. Thanks to the good lord (or maybe just the developers...), we have phone and email... or I could just walk to them ;-)
Anyways, when I use Mobster for example... the people I play with can see my *full* name in the application. "I" automatically send them notifications that I played with them. Same with every other Facebook application that I was trying out. Even the movie review site Flixster or whatever their name was. No way to deactivate it.
A reason for me to delete *all* applications from Facebook. Facebook cannot guarantee any privacy for me. It was asking me to set up privacy options... but what if I did hide my profile to others... how is it possible that others - non friends - can access them via third party applications. No way Facebook! :-(
And somehow Facebook is starting to become a second MySpace...