Facebook has been infiltrated by Nigerian scammers and other cyber criminals who use compromised accounts to con users out of cash. Now that even non-tech savvy internet users know not to respond to, or click on links in, emails from strangers, online thieves have turned to social networks and are finding it is easier to trick people when posing as their friends.
On Friday, Sydneysider Karina Wells received a Facebook message from one of her friends, Adrian, saying he was stranded in Lagos, Nigeria, and needed her to lend him $500 for a ticket home.
Adrian used relatively good English but, after chatting further, words such as “cell” instead of “mobile phone” tipped Wells off that she was not talking to her friend but someone who had taken over his account.
Using sites such as Facebook allows scammers to research and target victims more effectively and avoid having their messages blocked by spam filters, said Paul Ducklin, head of technology at Sophos Asia Pacific.
It is likely the scammer obtained Adrian’s Facebook login details after he was infected with a virus delivered by email or in an infected web page.
There are a number of viruses which, once installed on a computer, send back to the hacker a detailed log of everything entered using the keyboard, including online banking details and passwords for services such as Facebook.
Wells played along with the scammer, who asked her to transfer the money into a Western Union account.
“Naturally I was concerned as, to all intents and purposes, this seemed to be legitimate,” she said.
“I pretended that I would help, obtained all the details of where he was and forwarded them to both Facebook and the relevant authorities.”
But while the Nigerian scammer used the compromised Facebook account coupled with social engineering tactics to try to convince Wells to hand over money, many are using compromised accounts to spread malware.
Typically, the victim receives a Facebook message from a friend with a subject such as “LOL. You’ve been catched on hidden cam, yo” or “Nice dancing! Shouldn’t you be ashamed?”
The body of the message contains a video clip link that appears to go to a legitimate site such as Facebook or YouTube but, when clicked on, it takes the user to a bogus web page.
Before users can play the video, they are told they need to download a video player upgrade, which is in fact a password-stealing virus.
The next time the victim logs into Facebook the malware-laden message is sent to all of their friends and the infected link is automatically added in comments on friends’ pages.
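As an added illustration (not code from the article or from Facebook, Sophos or WebSense), the following Python snippet shows one way a defender could flag messages of the kind just described: it looks for the lure phrases quoted above and for links whose visible text names facebook.com or youtube.com while the real href points somewhere else. The sample message, the `.example` host and the extra lure phrase about a player update are constructed for the demonstration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Lure phrases: the first two come from the subjects quoted in the article,
# the last two are assumed variants of the "download a player upgrade" step.
LURE_PHRASES = ("hidden cam", "nice dancing", "video player upgrade", "update your player")
TRUSTED_VIDEO_HOSTS = ("facebook.com", "youtube.com")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags in a message body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(value):
    """Host part of a URL or URL-looking text, without 'www.'; '' if not URL-like."""
    s = value.strip()
    if not re.search(r"[a-z0-9-]+\.[a-z]{2,}", s, re.I):
        return ""
    if not re.match(r"^[a-z][a-z0-9+.-]*://", s, re.I):
        s = "http://" + s
    host = (urlparse(s).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def _is_trusted(host):
    return any(host == t or host.endswith("." + t) for t in TRUSTED_VIDEO_HOSTS)


def score_message(subject, body_html):
    """Return the reasons a message looks like a hijacked-account video lure."""
    reasons = [f"lure phrase: {p!r}" for p in LURE_PHRASES
               if p in (subject + " " + body_html).lower()]
    parser = _LinkCollector()
    parser.feed(body_html)
    for href, label in parser.links:
        shown, actual = _host(label), _host(href)
        # Displayed text claims a trusted video site but the link goes elsewhere.
        if shown and _is_trusted(shown) and not _is_trusted(actual):
            reasons.append(f"link text shows {shown} but points to {actual}")
    return reasons
```

Run `score_message` over each incoming message and treat a non-empty result as a reason to hold the message for review rather than deliver it.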
Other less sophisticated attacks on Facebook members use spam emails, some appearing to come from Facebook itself, to spread viruses.
In September security firm WebSense reported on spam emails, purportedly sent from an @facebookmail.com address, that tell the victim they have received an invitation from Facebook to add a friend.
“The spammers included a zip attachment that purports to contain a picture in order to entice the recipient to double-click on it. The attached file is actually a Trojan horse,” WebSense said.