Web Hosting Security

  Home arrow Web Hosting Security arrow Bieber-based Scams Hit Facebook
Web Hosting Articles  
Web Hosting FAQs  
Web Hosting How-Tos  
Web Hosting News  
Web Hosting Reviews  
Web Hosting Security  
Weekly Newsletter 
 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
WEB HOSTING SECURITY

Bieber-based Scams Hit Facebook
By: wubayou
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 5 stars5 stars5 stars5 stars5 stars / 1
    2011-03-04

    Table of Contents:

    Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
     
     

    SEARCH WEB HOSTERS

    TOOLS YOU CAN USE

    advertisement
    A variety of scams recently made the rounds on Facebook that consisted of new and old topics. The newest scam involved the omnipresent pop star Justin Bieber. It used the promise of an exclusive video as its front. Although Facebook has clamped down on the scams, they did manage to affect some viewers prior to detection.

    The Justin Bieber scam was detailed in a blog post by M86 Security Labs. It involves a Facebook post that states, “I can't believe a GIRL did this because of Justin Bieber.” The post appears on walls and in users' status updates across Facebook, and includes a link to a supposed video featuring Bieber. 

    If a user clicks on the link to the video, they are taken to a page with an appearance similar to YouTube that says, “Please watch this video only if you are 16 years or older.” While clicking on the video may appear to be a harmless action, there is actually a hidden iframe embedded in the area. The iframe is linked to Facebook's “like” feature, so clicking anywhere on the video to play it actually results in the user “liking” the video. By liking the video, the user unintentionally posts it on their wall. This increases the video's exposure to the user's Facebook friends, and allows it to spread even further across the social network.

    The scam does not stop with the clickjacking attack, however. It continues with the appearance of a phony Facebook dialog box. The box asks the user to complete a survey to verify their age. Instead of verifying their age, the user is actually given a survey riddled with links to auto insurance sites. Facebook claims it has put a stop to the scam, but there are other variations that are still spreading.
     
    The hidden iframe method employed in the Bieber scam is that of a clickjacking attack. Clickjacking has been used on Facebook in the past; it tricks users into clicking on areas of the page that are covered with hidden iframes. Hackers use hot topics or products to capitalize on their popularity in the hopes of spreading their scams to as many victims as possible. The use of Justin Bieber in this case is a perfect example of such exploitation.

    The Bieber scam was not the only one causing a nuisance for Facebook users. Other scams, some of which have been used before, were detected as well. It is not known if they were clickjacking attacks, but they centered on topics such as free tickets from Southwest Airlines and free iPads. One of the scams used a Miley Cyrus video as bait.

    Since clickjacking attacks exploit weaknesses in browsers, Facebook is somewhat helpless in preventing them. The social network does have systems in place to detect compromised accounts, and also blocks or deletes posts and links that are deemed to be malicious. To protect yourself from clickjacking attacks, avoid clicking on suspicious links.

    For more on this topic, visit http://news.cnet.com/8301-27080_3-20037827-245.html?tag=mncol;txt.


    DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

    More Web Hosting Security Articles
    More By wubayou

    WEB HOSTING SECURITY ARTICLES

    - For Online Security, Invest in People
    - World`s Third-Largest Botnet Bites the Dust
    - Yahoo Security Breach Highlights Poor Practi...
    - How to Prevent Mobile Malware
    - FBI Issues Internet Security for Travelers a...
    - More of the Top Internet Scams
    - How to Stop Phishing Scams
    - Social Networking Safety Tips
    - How to Avoid Financial Fraud Online
    - Android`s Most Notorious Trojans and Viruses
    - GFI Report Details Top 10 Threat Detections ...
    - Sophos Releases Security Threat Report 2012
    - Facebook Safety Tips for 2012
    - Email Scam Hits Apple Users
    - Tips for Mobile Security

    Developer Shed Affiliates

     




    © 2003-2017 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap