“There’s a sucker born every minute.” That quotation, widely attributed to P.T. Barnum, originally referred to deceptive carnival sideshow attractions, but it’s just as relevant to online scams today, Facebook scams in particular.
None of the common Facebook frauds (the “Facebook dislike button,” the “stalker tracker,” which purports to tell you who’s visiting your profile, and “watch this video” tricks, for instance) are new, says Chris Boyd, senior threat researcher for UK-based GFI Software. “You’d think that people wouldn’t continue to fall for them,” he says. But of course, they do.
Resisting the urge to click can be difficult, and scammers know it. They prey on a combination of users’ curiosity and trust, and on their own ability to disguise scams as legitimate online promos. Fortunately, you have some clues to watch for.
One ploy that Facebook scammers use is to encourage people to click a compelling URL. But instead of seeing the promised site, the deceived person inadvertently spams friends with links to the same URL. Some messages are so persuasive that victims may provide personal information such as credit card or phone numbers, which the scammer can then exploit to run up unauthorized charges.
The key element in a successful scam is its ability to exploit the victim’s trust, says Dr. Robert D’Ovidio, associate professor of sociology at Drexel University in Philadelphia. Many scams pose as links in posts from people you know. “These schemes are coming from people in our network, and our guard is already down; that’s a very tough thing to police against.”
If a friend posts a link to what appears to be a video on your wall with the comment, “Is this you? LOL!”, you’ll probably click it. But it may be a scam or a link to a malicious site posted by a crook using a hijacked Facebook account.
Here are two red flags to watch for when you click a link: the link doesn’t take you to the page it promised, or the page takes much longer to load than you’d expect. A delayed load may mean that you’re being bounced between proxy servers to hide a hacker’s location, instead of being sent directly to the destination.
Also watch out for pages that unexpectedly ask you to enter your Facebook login information. Once scammers gain access to your account details, they can use them to spam your friends. If that happens, or if you suspect foul play of any kind, change your password immediately.
Even shortened URLs may pose risks (this is also a problem on Twitter), since users can’t tell by looking at a shortened Web address whether it’s authentic. So if someone posts a shortened link to your wall, or sends one in a Facebook message or chat, proceed with caution.
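As an added example (not code from the article), here is a small Python checker that expands a shortened link one redirect at a time without opening the final page in a browser, then reports the red flags described above: a long redirect chain, a final host that is not the site you expected, and Facebook branding on a host outside facebook.com. The names `live_location`, `expand_chain` and `red_flags`, and the redirect chain in `CONSTRUCTED_HOPS` (made-up hosts so the example runs offline), are this example’s own; `live_location` does a real HEAD request, refusing to follow redirects, for use against an actual link.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlparse

CONSTRUCTED_HOPS = {  # made-up redirect chain so the demo runs offline
    "http://short.example/abc": "http://bounce1.example/r",
    "http://bounce1.example/r": "/r2",                     # relative Location header
    "http://bounce1.example/r2": "http://bounce2.example/r",
    "http://bounce2.example/r": "http://facebook-login.example/secure",
}

def offline_location(url):
    """Stand-in for an HTTP HEAD: return the Location header, or None if final."""
    return CONSTRUCTED_HOPS.get(url)

def live_location(url, timeout=5):
    """Real HEAD request that refuses to follow redirects; returns Location or None."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None  # make urllib stop at the first 3xx instead of following it
    try:
        with urllib.request.build_opener(NoRedirect).open(urllib.request.Request(url, method="HEAD"), timeout=timeout) as resp:
            return resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # a 3xx lands here because we refused to follow it
        return err.headers.get("Location")

def expand_chain(url, fetch=offline_location, max_hops=10):
    """Follow redirects one hop at a time; return every URL visited, first to last."""
    chain = [url]
    while len(chain) <= max_hops:
        loc = fetch(chain[-1])
        if loc is None:
            return chain
        nxt = urljoin(chain[-1], loc)  # resolve relative Location headers
        if nxt in chain:               # redirect loop: stop rather than spin forever
            return chain
        chain.append(nxt)
    return chain

def red_flags(chain, expected_host=None, hop_warn=2):
    """Apply the article's red flags to an expanded chain; return human-readable warnings."""
    flags = []
    host = (urlparse(chain[-1]).hostname or "").lower()
    if len(chain) - 1 > hop_warn:
        flags.append(f"{len(chain) - 1} redirects before the final page")
    if expected_host and host != expected_host and not host.endswith("." + expected_host):
        flags.append(f"final host {host!r} is not {expected_host!r}")
    if "facebook" in host and host != "facebook.com" and not host.endswith(".facebook.com"):
        flags.append(f"lookalike host {host!r} uses Facebook branding outside facebook.com")
    return flags
```

To check a real link, call `expand_chain(url, fetch=live_location)` and pass the result to `red_flags` with the host you were promised.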
Ultimately, most scams are designed to generate revenue for the scammers through pay-per-click schemes or through access to information that can lead to unauthorized charges on credit cards or phone bills.
What to Do If You Fall Victim
If you find that you’ve been scammed, first delete the offending app (go to Account, Privacy Settings, Edit your settings [under ‘Apps and Websites’], Edit Settings [under ‘Apps you use’], and click the X next to the app you want to delete). Then delete any posts that the app has made in your name, alert your friends to what happened, and change your Facebook account password.
J.R. Parker, an attorney with Kershaw, Cutter & Ratinoff, LLP, says the key to not getting scammed is to be vigilant. He recommends tying down all privacy settings and restricting what apps can do with your information or your Facebook page. To modify these settings, log in to Facebook and click Account in the top right; then select Edit your settings under ‘Apps and Websites’ at the bottom left, and click Edit Settings next to ‘Info accessible through your friends’.
A healthy skepticism is critical, too. Here are some specific tips:
• Verify app authors. Click the author’s name and follow it to the app’s home page. Look for anything that seems odd or unprofessional. Run a Google search on both the app name and the author.
• Check other users’ experience. A simple search can yield results indicating what’s legit and what may not be.
• Don’t give out personal information (including your Facebook login name and password) to anybody, unless you’re certain of the recipient’s legitimacy and the distribution channel’s security.
• Be aware that your security on social networks depends in part on the security-mindedness of the other people who belong to your network.
• It may not be rocket science, but security experts say it’s your best protection: “Be careful what you click on.”