First the crowds, then the spammers. That’s how it works, right? With Facebook now suffering through its biggest spam attack to date, it seems those crafty fraudsters out there are really starting to understand the power of social media.
More than five different spam waves have hit Facebook in the last 24 hours, and security experts are warning that clicking on a fraudulent Facebook link could infect your computer even if you have anti-virus software. While some of the spam means posting false messages on your wall, other spam schemes are sometimes quite clever – directing you onto a different site where you are asked to take part in a small survey.
This fraudulent site can sometimes be within Facebook, meaning there are no immediate signs of danger. These apps often ask for permission to access your data as well, meaning you could be bypassing your anti-virus software by basically opening the door to the virus.
Because we are not used to spam on Facebook, we are actually very gullible when it comes to fraudsters. So far it’s been a safe environment, where links are posted by friends who we trust not to send us anywhere dodgy.
“Facebook is vulnerable to spam by design, since Facebook users trust the messages they see on their friends’ walls, and have no fear of clicking them,” said Urban Schrott of antivirus company ESET.
This is like going back to when internet banking fraud first started – we had to be taught never to respond to emails that looked like they came from our banks. But before we clued up on how it worked, a lot of people would respond to these emails asking for password “confirmation”.
Twitter is also a decent hunting ground for spammers, either by hacking people’s accounts and tweeting links, or by setting up accounts just for spam. When the links come from friends the problem is the same as with Facebook spam – we don’t have any fear of clicking on friends’ links and could inadvertently infect our computers.
The spam-only accounts are a somewhat different issue though – and at first glance it seems odd that it’s even worth the fraudsters’ while. But you get out of Twitter what you put into it, and this is true also for spammers. The clever ones will search Twitter for mentions of certain terms, say for instance “cardigan”, and then they will respond to your tweet with a cardigan-related link. Sometimes they can be quite friendly and chatty doing this, but it’s still spam, and you should report them as such. Twitter has handily added “report for spam” as an option in the drop-down box on each profile.
Another trick crooks use is to add tags to spam tweets and get them to trend – people are usually curious about trending topics and this increases the chances of someone clicking on the link.
One born every minute
The problem is that spam works – there will always be someone who falls for it, and as long as that’s the case this problem won’t go away. Granted, the suckers out there are few and far between: a study from 2008 showed a 1:12.5 million success rate for email spam. This is only 0.00001%, but with enough volume you will make money from this.
Twitter has started making an effort to combat the problem, including introducing a filter that checks links for malware before allowing them onto the site. Facebook is likely pottering away at its own solutions as well, keen to nip this problem in the bud. But as fraudsters will remain inventive, we need to wise up and realise the friendly playgrounds of Facebook and Twitter are growing up, and they are no longer harmless.