Facebook users are being warned to be wary of messages sent by friends requesting personal information or money. The warning follows the discovery that cyber-criminals are masquerading as Facebook friends in order to trick unwary users into parting with valuable sensitive and financial information, says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa.
Google Australia employee, Karina Wells, received a Facebook message from a cyber-crook pretending to be her friend Adrian. He said he was stranded in Lagos, Nigeria and in need of $500 for a ticket home, a report says. Wells was not immediately suspicious and only became so when her 'friend' started using American phrases like 'cellphone' instead of 'mobile phone'. At this point, she contacted the authorities to make them aware of the attempted fraud.
Sophos notes that given the Facebook trend for amassing as many friends as possible, these sorts of scams may not be instantly recognisable as fraud. With dozens, or even hundreds of friends, it's impossible for members to keep track of where they all are.
Friends in need
"Many Facebook users don't even know how many friends they have on the site, let alone what they are all doing and where they are, and this is providing the scammers with a new vector of attack," says Myroff.
"Unfortunately, this is just the latest skirmish in an ongoing battle taking place between Facebook users and cyber-criminals intent on exploiting the site and its members for their own financial gain.
"To guard against all these threats, it's essential to be cautious in your online activities. Don't reveal all your personal details online and be wary of messages with unusual demands - just because they come from a 'friend' doesn't make them legitimate."
Sophos experts note that e-mails from social networking sites are much more likely to get into computer users' inboxes in the first place, as they don't have the obvious signs that botnet spam does (such as known bad sender IP address, known bad headers, or known bad e-mail construction). This means many spam filters will fail to stop these messages from reaching their intended victims' mailboxes.
Fact or fiction?
It appears as though the sensational US post-election spam is continuing. Last week, the spammers told readers that John McCain was caught nude in public, discovered that his wife Cindy had starred in a private video, and (presumably from the shock and stress) died from a heart attack.
The latest news from the spammers is that Michelle Obama has been caught nude and drunk in bed, and that her husband is on the verge of death. Some of the subject lines that the criminals are using at the moment to tempt users into viewing their pharmaceutical spam include:
* Barak on the verge of death
* Obama spoils state budget
* Cindy caught hot on tape
* Who framed Bush?
* Even presidents use it
* Michelle's personal consultant
* McCain and Obama use it too
* Michelle Obama nude
“There seem to be no depths too low for spammers trying to peddle their goods to the public,” says Myroff.
“What the spammers are trying to do here is get Internet users to open their e-mail. The subject line is the first thing you see in your e-mail inbox - if it's not of interest to you, you probably won't open it. So e-mails that pretend to be breaking news in the subject line are perhaps more likely to be opened than e-mails that are honest about being adverts for an online drug store.”
This week's line-up of low- to medium-prevalence threats includes Mal/Zlob-AE, a malicious Browser Helper Object that installs itself in the registry.

