Facebook was dangerous territory for Web surfers this past weekend, as online hackers launched several scams using enticing topics like 2Pac’s murder and the death of Facebook itself to lure victims and spread viruses.
On Saturday (Jan. 8), posts began circulating around Facebook claiming that controversial hip-hop impresario Suge Knight had been arrested for the still unsolved 1996 murder of famed rapper Tupac Shakur, reported Graham Cluley, senior technology consultant for the security firm Sophos.
The posts read, “It seems they finally solved the mystery of TUPAC’s killer, Suge Knight was arrested today, watch the full video!”
To get to the video, users were told to click on a shortened URL. Doing so didn’t reveal any shocking footage, but instead took those lured in to a page requesting permission for a rogue application to access their basic information, including name, list of friends and user identification.
Given this scam, can one about The Notorious B.I.G. be far behind?
Death seemed to be a running theme with Facebook scammers this weekend: Cluley noted another scam “spreading like wildfire across Facebook,” claiming that Facebook would officially shut down on March 15.
Like the 2Pac hoax, the death of Facebook messages directed users to a Weekly World News link with a legitimate-looking news article backing up the claim that Facebook CEO Mark Zuckerberg is abolishing Facebook on the Ides of March because “the stress of managing this company has ruined my life.”
Facebook’s 500-milliion strong army feared the worst, and variations on the doomsday message spread virally. Though this scam contained no malware or rogue applications, Cluley said, “it’s still a nuisance, clogging up communications, increasing the overall level of spam and perhaps leading people to make decisions for wrong reasons.”
The third scam to make its way around Facebook was the most dangerous, as it actively infected its victims’ computers with malicious software.
The basis of the trick was simple enough: A link was sent through a Facebook chat message claiming that the user’s photos had been moved; to retrieve them, the user needed to click on a link and access an app called app.facebook.com/CENSORED.
That link, of course, was the trigger, and clicking it automatically downloaded a strain of malware onto the victim’s system.
This malicious app has been removed from Facebook, Sophos’ Chester Wisniewski said.
To stay off the cybercriminals’ radar, security experts warn Facebook users not to click on links, even if they come from a trusted source.
“Don’t believe everything you read on the Internet, and think twice before you pass a story on to your friends,” Cluley said.
- Staying Safe on Facebook: How to Lock Down Your Page
- Security and Privacy Software Reviews
- 2010’s Top 5 Social Network Foul-ups