Don’t fall victim to the attacks described below. It’s ultimately you who decides here whether you’ll let hackers access to your computer or compromise your account. So make an informed decision by reading and implementing the methods and advise in the post below.
Facebook Phishing – To Access the Video, Please Login
Some of your friends might post a video like this on your wall:
Oh cool, a hot chick video. Click. Here’s what happens after you click:
A new window will appear prompting you to enter your username and password. If you’re in a rush, you probably WON’T notice the URL above.
Well, that’s what happened with many Facebook users on May 29th. The name of this phishing attack is “Most Hilarious Video Ever.” If you were a victim of this attack, your account was compromised.
Do you want to run that Java Applet? It comes from a trusted source…NOT!
So you want to run some cool game or online app in your browser. Before you do that, the website is asking you to run a Java Applet:
If you’re like most casual surfers, you might say: “Why not?” and proceed by clicking on “Run.”
BIG MISTAKE. See what happens after that:
Yes, several files are created in your Temp folder including one .exe file which is probably a dangerous virus. Java apps can do nasty things in your computer. That’s why browsers give you ‘danger’ windows like the one above.
Do not download .exe files from Facebook (apps)
The below screenshot is from a malicious Facebook application that asks you to ‘update your video software’ by installing a brand new FLV player:
Why would they REALLY ask you to download a FLV player? Is there a virus in it? In this case, no. The reason is money. Every time you download the software (FLV Direct Player), the owner of the Facebook app will get money for that. It’s called PPI (pay per install).
After a bit of research, I found they get $1.5 for each new installation. So if 1000 people download and install that FLV player, the owners of the Facebook app get $1500:
Rogue Antivirus – Would you Like to Download Anti-virus That is ACTUALLY a Virus?
This has happened to me twice so far. I would be searching for a particular topic on Google and then click on a search result and see a page come up that looks like a Microsoft security scan.
THIS IS A FAKE SECURITY SCANNER. There is NO WAY for a security scanner or an anti-virus to run in your browser without your permission. After this ‘scanning’ is done, you’ll usually get a window saying your computer is infected:
After that, you get prompted to download an .exe file which is the magical antivirus that will remove the infections. Unfortunately, the file you’ll download actually contains a virus and if your computer wasn’t infected before it will be now.
Another common screen you may get is this:
One Key Lesson to Learn:
Who’s most likely to fall victim of these attacks? It’s the person with the lowest attention span.
The key lesson is: If you get a suspicious message or request (like the ones above), SLOW DOWN and say: “Wait a minute. This doesn’t seem right. Let me check the URL. Or can anti-virus programs really scan my computer via the browser?” So sustaining your attention is the key to protecting yourself from these kinds of attacks.