Facebook’s Frequent Five: What’s Behind Them?


If you have a Facebook account, you have seen the @facebook version of chain “letters” that used to proliferate on email.  They start with something wonderful and the promise of more wonderfulness to come: love, money, happiness, world peace.  The kicker comes at the end where you are given a deadline of hours or days to forward this by email to x number of friends or to Like it on Facebook or BAD THINGS will happen to you.

Trust me, truly spiritual people don’t try to blackmail strangers into taking some kind of action. I assume these messages are scams that contain malware of one type or another.  I ignore them on @Facebook and take pride in breaking them on email. So if you like chain messages, don’t send them to me.

When email was the communication medium of choice, these scams proliferated there.  Now you see almost none on email but waves of them on FB.  Does that strike you as odd?  Of course not, because these messages are created for a reason.  That reason is to gain access to your personal information, which will then be used in ways over which you have little control and may not even know about.  In the world of computer security, this is called “phishing.”

Another goal is to take control of your computer and use it as part of a “botnet”—a network of mostly home computers that spend cycles spreading malware or serving porn.  As most people leave their computers on all the time, this can be an excellent way to get free computing power for your nefarious business or service.  Would it upset you to know that, while you are sleeping peacefully, your laptop is participating in a Denial of Service attack or distributing pornographic images?

FB phishing expeditions take several forms and you have probably seen all of them.  You may have been taken in by some of them.  They will draw you in with one pitch or another and ask you to click on a link (don’t do it) or to Like, Share or Comment on them.  In which case, gotcha.

Puzzle Challenge

Now, I have a naturally suspicious nature so when I see a pattern cropping up on FB, I wonder who created it and why.  I assume it contains malware and avoid it like a digital plague.  Right now, I watch out for what I call the #FrequentFive:

  1. The Puzzle Challenge:  This may be a math puzzle that involves solving an equation or coming up with the next number in a series, a word challenge that asks you what word you see first, or a visual image in which you are asked how many faces you see or how many boxes are in the picture.
  2. The Sentimental Appeal: These pop up around holidays and ask if you love your mother or have a sister who’s special to you, or whether you love your daughter. (Are they targeting women here? Ya think?)
  3. The Nostalgic Attraction: This is usually a picture of an object that was common in the 50s, 60s, and 70s but has been out of use for a long time. It may also be a picture of a movie or TV show that we knew as kids but has been off the air for decades. These typically come from radio stations and tickle our nostalgia nerve by asking the question, “Do you recognize this?” or say, “Like if you remember using one of these.”
  4. The Patriotic Gesture: Often this particularly insidious scam shows a soldier (or someone in uniform) holding a message board and asking for your support. He or she may be trying to collect a certain number of Likes for some reason. He could be just some guy in camo standing in the Arizona desert.
  5. The Sympathy & Support Game:  If this is really malware, it sinks to a new low.  This simple message, sometimes just a signboard, asks you to post the picture on your FB wall and keep it there for 24 hours to show your support for research to prevent or treat some awful affliction.

Nostalgia Pitch

All of these may be honest and aboveboard.  If so, please let me know where it came from and what the goal is. I would really like to know and I will be happy to set the record straight.  The fact that patterns make me suspicious doesn’t mean that the FB post really does contain malware.  In fact, it would make me feel better about humanity to find out that it doesn’t.

If you are tempted to respond to one of the Frequent Five, or click on an unknown URL, ask yourself a few simple questions:

  • “Where did this come from?  Who created it?  For what purpose?”
  • “What will I actually accomplish if I do what they ask?” 
  • “How will I know if I did something good?”
  • “Do I know and trust the person or organization who posted/sent this?”
  • “Do I know what code is hidden in this message or behind this image?”
  • “If I click on the URL, where will I end up?”
Full Disclosure:  Lest you think that I have never been taken in by one of the Frequent Five, I freely admit to having fallen for a couple of them, particularly the Puzzle Challenge. On the other hand, the Sentimental Appeal has never sucked me in.  Having spent years in the computer security industry, I’m not proud of this but I know that other friends in the industry have, too, because I see their posts on Facebook.

I also know when I receive a totally incongruous spam message from someone I know.  Yesterday, I saw this from a childhood friend who would be mortified to know it went out in her name.

his excellent WikiHow page on How to Avoid Facebook Malware and I strongly advise you to read it.  It describes other forms of malware and offers five steps you can take to avoid or recover from infection. 

So keep your eyes open, think before you click, and trust no one, as Fox Mulder used to say.  Con artists learned a long time ago that if you can get someone into an emotional state, you can manipulate him or her into doing what you want.