Faked celebrity gossip fuels Facebook scams

Byron Acohido, USA TODAY

Same old tricks continue to spread malicious apps on world%27s most popular social network
Facebook scammers make good living off compulsive behavior of web socializers

Catalin Cosoi is Chief Security Strategist at Bitdefender

SEATTLE – Facebook scammers continue to use top celebrities in ruses to get users of the world's largest social site to click on links that infect their computing devices.

The Top 10 Facebook scams revolve around come-ons to view lewd content relating to Kim Kardashian, Megan Fox, Justin Bieber, Selena Gomez and Chris Brown, according to analysis supplied exclusively to USA TODAY from Romanian anti-virus company BitDefender. Catalin Cosoi, Chief Security Strategist at Bitdefender, supplies context:

Q: Facebook puts a lot of resources into security. So why are these scams still getting through to users?

Cosoi: Facebook is doing a lot in terms of security. If you keep using the same target and constantly fine-tuning your attack vectors, though, at some point you will find ways to bypass security measures. However, once they start spreading, they will probably pop up in an outbreak detection mechanism and will be removed. Compared to a couple of years ago, Facebook is doing really well in eliminating threats.

Q: How would you characterize the success level of the bad guys?

Cosoi: They aren¹t starving . Thousands of unwary victims click daily on third-party applications that promise to let them see their stalkers or change their Facebook color. Educated but non-technical men are usually the first who hurry into clicking and spreading such messages, especially bogus sex tapes.

Q: Can you briefly describe how a typical Facebook attack unfolds; what are the steps?

Cosoi: A typical Facebook attack unfolds in waves, with a series of compromised URLs luring users with the same bait in a short period of time. It all starts with an attention-grabbing message. The victims land on another web page where scammers host fraudulent schemes or malware.

They may be asked to complete endless surveys, but they never get to see the promised sex tape or new feature. Last but not least, the scammy app will automatically post messages on the victims¹ timeline and on the timelines of their friends to trick as many people as possible into spreading it further.

Q: Do you expect these type of attacks to continue? Why so?

Cosoi: Cyber-criminals have no reason to stop for them, it¹s a profitable business with low overhead. The lack of novelty when it comes to crafting Facebook scams shows they have no reason to invest in new baits. And why would they spend time and energy coming up with new material when users still answer to the same old emotional triggers?

Q: What can or should Facebook users do?

Cosoi: Facebook users should count to ten before clicking any button or image promising them sex videos or features the social network doesn¹t have. The compulsive social media behavior of a few users helps scammers maintain a profitable business. With techniques such as likejacking and tagjacking, users also unwittingly become brothers-in-crime with cyber-crooks.

Q: Could Facebook be doing more?

Cosoi: Facebook already invests a lot of resources into keeping its platform safe for more than a billion users, with all the traffic and spam that a number like that generates. The scams that do get away represent just a small percentage of over 3 billion likes and comments posted every day.

Featured Weekly Ad