Categories: Social Media

Facebook faces devious adware

When you receive an email from an unfamiliar source urging you to click on a link or download a file, it’s easy to send it straight to the bin due to its spam-like nature. It’s a completely different story when the message is sent via Facebook Messenger by one of your friends. Such is the case with the latest social engineering scheme, and here’s what you need to know to stay safe.

What is it?

Little is known about the adware itself or those behind it, but it was uncovered by David Jacoby, senior security researcher at Kaspersky Lab, when he received a Facebook message from one of his friends, only to find out that wasn’t the case.

Basically, the adware uses Facebook Messenger to track your browser activity and pushes you to click on malicious ads or give out personal information.

How does it work?

By clickjacking and hijacking credentials of Facebook users, the adware is able to send messages to people in the victim’s contact list. If you’re one of those people, you’ll receive a phony message from your friend’s compromised Facebook account.

The message includes your friend’s name followed by the word “Video,” a shocked face emoji, and a shortened URL. Once clicked, the URL will redirect you to a Google Doc with a blurred photo taken from your friend’s Facebook page, disguised as a video. If you click on the “video”, you’ll be redirected to one of a number of targeted websites based on your browser, operating system, and location.

For instance, if you use Google Chrome, you’ll be sent to a website that looks exactly like YouTube, complete with the official logo. The hoax website will show you a fake error message to trick you into downloading a malicious Chrome extension.

If you’re on Firefox, you’ll be sent to a site with a false Flash Player update notice and a Windows adware executable; the same goes with OS X except the adware is hidden in a .dmg file.

The goal here is to move your browser through a set of websites so tracking cookies can monitor your activity and display malicious ads or you can be “social engineered” to give up confidential information.

How do you avoid falling victim?

Facebook has rolled out a number of automated systems to stop harmful links and files. What’s more, they will provide you with a free antivirus scan if they suspect that your account has been compromised by adware.

Still, you should be very skeptical about any shortened URL links sent to you by your Facebook friends, no matter how long you’ve been friends.

Due to their low key nature as potential security endpoints, cyber criminals are turning to social media platforms as their new medium of choice. To keep your business safe, you need to stay up-to-date and educate your employees. If you have any other questions about social media and how it can impact your business, just give us a call.

ron.pierce

Recent Posts

The Ultimate Guide for CPAs: Choosing the Right Accounting Practice Software for Your Office

  Are You Making the Right Choice for Your CPA Firm? When was the last…

4 days ago

Implementing Screen Time Management Solutions in the Workplace

In today’s digital-first world, screen time is an unavoidable aspect of the modern workplace. Employees…

5 days ago

Simple Ways to Limit Screen Time for Your Family

Spending too much time in front of screens can affect how we feel and interact…

6 days ago

Preventing Email Phishing Attacks for Small Businesses: Essential Strategies

Every day, people receive emails pretending to be from trusted sources only to discover they…

2 weeks ago

Best Practices for Data Backup in 2025

Best Practices for Data Backup in 2025 In today's digital age, data is the lifeblood…

3 weeks ago

What Is Single Sign-On and Who Is It For?

Statistics show that the average enterprise uses more than 90Read more  "What Is Single Sign-On…

3 weeks ago