Facebook Social Engineering

Yesterday I ran into a very clever and sophisticated attempt to install a virus on my machine.

What is more interesting though is that it all happened on Facebook.

At random a friend starts talking to you. It goes like this:

Hi. how are you?

Good, I’m fine, you think to yourself. That’s what you respond.

A bit later:

good. Wanna laugh? :)

Who doesn’t like a good laugh?

It is you on the video ?)) want to see?

Here’s where he grabs your attention. You are wondering what this could possibly be about. A funny Internet video? Your drunk video got leaked? You are curious and can’t wait for what’s next.

Then he responds with a link in the form of an IP address:

This redirects you to a page that looks exactly like YouTube. However, the path carries your Facebook user ID as well. It’s a Facebook plugin!

There you will see a YouTube video with comments of your friends who make fun of you. They are pulling your leg.

Then you think: wow, this is cool! You actually believe that there should be a video as well.

Now the catch here is that you cannot see the video. There is however a link to install the latest Flash Player.

Bam! There you have it. I didn’t install it, don’t know the specifics, but I bet it’s an executable containing malware and spyware.

If you install it, it will take over your Facebook account and replicate itself.

All very cunning social engineering, I must say. I remember the same would happen on other instant messengers such as MSN and Yahoo Messenger. This is not new. But now that chat and, moreover, the social layer are part of the Web, attacks are much more advanced and it all becomes eerily sophisticated. Maybe another reason to thrust the diaspora to Google+, a safe harbor to stay in the meantime.

Please re-share this and be alert. Do not fall for this trickery.
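
The two tells in the story above, a link whose host is a bare IP address and a path that carries the recipient's own Facebook user ID, can be checked mechanically. The sketch below is an added example, not part of the original post; the function names, the sample messages, the 203.0.113.7 documentation address and the user ID are all constructed, and it also recognises an IPv4 host written as a single integer, which goes beyond the case described.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def host_as_ip(host):
    """Return the IP address a URL host denotes, or None for a DNS name."""
    try:
        return ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        pass
    try:
        n = int(host, 0)  # single-integer host, decimal or 0x-prefixed hex
    except ValueError:
        return None
    return ipaddress.IPv4Address(n) if 0 <= n <= 0xFFFFFFFF else None

def check_chat_message(text, recipient_id):
    """Return [(url, [reasons])] for links showing the tells from the post."""
    findings = []
    for url in URL_RE.findall(text):
        url = url.rstrip(".,)!?")
        try:
            parts = urlsplit(url)
            host = parts.hostname or ""
        except ValueError:  # malformed bracketed host
            continue
        reasons = []
        ip = host_as_ip(host)
        if ip is not None:
            reasons.append(f"host is a bare IP address ({ip})")
        # A personalised lure embeds the recipient's own numeric ID.
        if recipient_id in re.findall(r"\d+", parts.path + "?" + parts.query):
            reasons.append("URL carries the recipient's own user ID")
        if reasons:
            findings.append((url, reasons))
    return findings

if __name__ == "__main__":
    MY_ID = "100000123456789"  # constructed user ID
    chat = [  # constructed messages modelled on the conversation above
        "Hi. how are you?",
        "It is you on the video ?)) http://203.0.113.7/video/100000123456789/",
        "same host as one integer: http://3405803783/clip",
        "https://www.youtube.com/watch?v=abc123",
    ]
    for msg in chat:
        for url, reasons in check_chat_message(msg, MY_ID):
            print(url, "->", "; ".join(reasons))
```

Neither signal proves malice on its own; together, arriving unprompted in a chat, they match the lure described here closely enough to warrant not clicking.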
