Facebook Messages May Harbour Scams, Ransomware
Facebook users have been warned to watch out for bogus links in messages that appear to be from friends. While Facebook appears to be on top of the problem for now, it's an approach that could lead to personal data being siphoned off, or computers locked.
The problem was highlighted by security researcher Bart Parys who became aware of the problem this weekend after a tip-off from a friend. It involves Facebook messages which appear to consist only of an image but are actually a type of file called SVG (scalable vector graphics).
'YouTube' Video Next Step In Scam
Normally such files are used for interactive and animated graphics online the web, but in this case it's actually a way of hiding code that opens up a bogus version of YouTube in the user's browser. The fake site looks as if it is trying to play a video, and then asks the user to install a browser extension in order to continue.
Exactly what the browser extension does may vary from case to case. In one case, a Chrome user was prompted to install the "One" extension in Google Chrome, with the warning that it could "read and change all your data on the websites you visit." This means the extension could potentially collect passwords and other data. Other reports say victims have had ransomware known as "Locky" appear on their computer and demand payment to unlock files. (Source: blogspot.co.uk)
The code also appears to cause the Facebook account to pass on the message with the bogus link to all of the user's Facebook friends.
Facebook Takes Action
Facebook responded to the news by changing its settings to automatically filter out messages which contain SVG files. It's also told browser manufacturers about the bogus extensions. (Source: telegraph.co.uk)
The methods of attack are much the same as malware distributors have used for many years, but taking advantage of Facebook could be much more effective than the typical email approach. That's because Facebook users may be more likely to open unsolicited files that appear to come from friends in a web browser, compared to an email attachment (for example).
It's also very possible the average Facebook user has more personal contacts on the site than in their email address books, meaning more people might trust the source, thus in turn spreading the threat more quickly.
What's Your Opinion?
Does Facebook do enough to warn users about unsolicited messages? What steps do you take to protect against such attacks? Do you double-check with contacts before opening files or clicking on links that they appear to have sent you?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.
Comments
Similar threat, different day
It's good to see Facebook able to mitigate the threat quickly - kudos to them. However threats like this will continue to exist from now until the end of time, so don't expect it to be the last one. Instead you can expect more twists on the same thing - similar to how the Microsoft Indian Tech Support scammers operate.
"Does Facebook do enough to warn users..."
Does Facebook do enough to warn users? The article says, "Facebook users have been warned to watch out for bogus links..." Have we? When? I have never received a communication from Facebook about this subject, at least not specifically and recently enough to associate it with this situation. So, No. Facebook does not do enough. From my perspective, it does nothing (relative to warning users). ;)
Facebook warnings
Most likely the warnings are coming through media outlets, in which case the message is simply perpetuated throughout the web (similar to what this article is doing). There doesn't seem to be an official Facebook "warning" page of scams alerting users, or warnings that I see posted on their site (on my wall, for example), or emails I've received from Facebook detailing any scams - so you're definitely right about that. In the latter case, such emails would likely be spoofed, hence the reason why you'll never seen an official 'warning'.
I don't see how they can't
I don't see how they can't inform users directly and immediately even though I don't use facebook. Sure, email warnings will get spoofed like everything else. But what better way to contact users than directly on the home page, login page, or similar initial contact? Everyone would be notified immediately upon using the site. Even if many are always-logged-in users (like apps), it's still doable. If my bank/isp/??? had an issue, I'd rather them inform me immediately upon using the service than to expect other media outlets get the warning to me whenever.
I've run across a few sites that wanted to install an extension in chrome to accomplish something, but I always close the tab and find another site to get what I'm looking for. I'm usually looking for special unit converters or math stuff. As for extensions...only from https://chrome.google.com/webstore and with what seems like legitimate developers/references.
Continuous warnings
I'm sure they have a policy on this, but let's think about this for a minute. If you are the owner of Facebook (or a Facebook shareholder) would you want to inform your users on a daily or hourly basis of certain Facebook attacks that are trying to infect users / steal user data on the site - or would you want to simply inform the press and let them redistribute the news? The former will surely scare people away from using the site resulting in abandonment and further uproar, whereas the latter seems more of a polished turd approach. I'm not trying to defend Facebook and their policies, but saving face (yes pun intended!) is most likely what this is about.