Security Researchers Caution Users Against New Facebook Scam

March 23, 2011

While the emergence of social networking sites has revolutionized the way people communicate with their friends, relatives and peers, these sites have also helped criminals peep into users' personal data. Facebook users in particular have been repeatedly targeted by cybercriminals seeking to extract personal information.

Recently, security researchers at Kaspersky Lab identified a new scam targeted at Facebook users. Many Facebook users received chat messages that appeared to come from their friends. The message read “Father crashes and dies because of THIS message posted on his daughters profile wall!” The message was followed by a shortened Uniform Resource Locator (URL). Unwary users who click on the link are taken through a chain of redirections that ultimately displays a fake, malicious Facebook application. The fake application seeks access to profile information, including the “list of friends”. Once a user allows the malicious application to access the profile, the malicious chat messages are circulated among all online friends of the targeted user.

The user is also tricked into taking an identity verification test on a separate page, where they are asked to choose among several quizzes. Social engineering techniques are used to create the impression that the application is legitimate. The attack also uses Internet Protocol (IP) address geolocation and translation services so that its messages appear in the targeted user's own language. On completion of the identity verification test, the targeted users are asked to send a Short Message Service (SMS) message to an SMS number. The average cost of the SMS is around $3, which acts as income for the offenders.

Social networking sites have become a breeding ground for cybercrime because they contain large amounts of sensitive information. The information could be misused to create fake accounts and impersonate legitimate users in order to extract confidential information from other users. As organizations also use social networking sites for promotional activities, they must educate employees on the possible security threats and safe online practices through training programs, online degree programs and e-learning programs.

Analysis by security researchers indicates that Facebook users in Ukraine were most affected by the latest scam, followed by India, the United States (U.S.), the Russian Federation and Belarus.

Social networking sites must conduct regular security evaluations of their sites through professionals qualified in security audit, masters of security science and penetration testing, to identify security flaws and lapses that could be exploited by attackers. Online university degree programs on cyber security and information assurance may help IT professionals update their technical know-how and skill sets.

About EC-Council

EC-Council University is based in Albuquerque, New Mexico and offers the Master of Security Science (MSS) degree to students from various backgrounds, such as graduates, IT professionals and military students, among several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students not only from the United States but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies, including the U.S. federal government via the Montgomery GI Bill, the Department of Defense via DoD 8570.01-M, the National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

