FACEBOOK "Like" SCAMS

If you are a regular user of FB, there is a high chance that you must have seen something like this in your Newsfeed.

 The title will create such a curiosity in one's mind that, you will be forced to click on it. On clicking the link, you will be taken into a website with a "Like" button and with with texts asking you to click on the like button to proceed.

If you click on the Like button, it will be added to your likes and interests [ As per FB documentation, a page you Like will have capability to publish content to your News Feed whenever it pleases to, till you manually remove it ] Once you Liked the page, it will again ask you to share it with your friends as Step2 to view the "Amazing Content".

If you click the Share button, a popup window will come up asking you to Share the content with your friends.If you try to Skip it, an alert window will come saying unless you share this, you won't be able to see the content.

Driven by curiosity and unaware of the consequences, many people will actually share it!!, leading to further propagation of the scam. The result of all these so called "Steps" is that you will be presented with page asking you to perform "Human Verification" by completing a survey!!.Each time someone does a survey, the Scammer get money!! and free publicity, what an amazing marketing strategy!!.

How it is done?

By checking the source code of the page, it can be seen that Scammers are exploiting FB's own social plugin APIs!!.

They have added few Javascript of their own to detect using pressing 'Like' button, also to create an alert if the person refuses to Publish it to friends .

In this particular case, FB's own APIs are being used, and no password stealing code/malware download code has been found.But since 'liked' page has the capability to push content into the user, its very much possible to do worm/Trojan spreading using similar tactics.
Digging deep into the code, the final destination to which user will taken after Liking and Publishing is found.

If you visit this page directly, you will be treated with a page asking to complete the survey.If you act fast enough to hit the 'Escape' key as soon the page is getting loaded to stop the advertisement from getting loaded, you will be able to see the "Actual Amazing Content".

This just one of the hundreds if not thousands SCAMS that being propagated over FB, most of them uses the same tactics.If you have already fallen for one, go to Likes and Interests in your profile and remove the particular page.If you haven't , be careful not be a victim.Happy Facebooking!! :)

Tabnabbing : All your tabs belongs to me!!

Ever heard of the word "tabnabbing"??? well I haven't until a few days back. Guess what, a new word to the  community and new method of attack to the bad guys!!. Its a new method of attack, that can be used for phishing, unveiled by Aza Raski, Creative Lead of Firefox, exploiting the weakest element in the chain Humans!!.

Well since the introduction of tabbed browsing, most of us surf the web with multiple tabs open, since its very convenient, and keep switching between them.You read news,chat with friends,update your FB status, all in different tabs. Here comes the problem, since all the tabs are open by us, we tends to trust them!!. Its not possible that the webpage in one tab might have changed while we are browsing in another right??.

Wrong!! as demonstrated by Aza, its possible for an attacker to detect that your viewing another tab and change the content of a particular tab to a phishing page.It happens relatively fast so that users won't normally see the page getting reloaded.

How Exactly the Hack Happens?
1. Someone is sending you a link to a web page say an article about present job market to your gmail id.
2.You open that page in a tab, which seems like a legitimate article.
3.After giving it a quick read, you navigate to another tab to check the cricket score.
4.Attacker's page detect that you have navigated away and haven't interacted to it for a while.It replaces the favicon icon with that of gmail's,the title with “Gmail: Email from Google”,  and change the page contents to look like the login page.
5.As the user scans through the open tabs, he/she will see the familiar looking Gmail favicon and title, without much doubt he/she will be ready to enter the username and password in the page thinking that it might have been automatically signed out, which is a normal situation.
6.The credentials goes to the attacker and you will be redirected back to gmail's page.

Well the attacker got what we wanted,and you have no clue!!.If the same password/username combination is re-used in a bank OR if the attack is performed with a bank's login page then the loss of the victim will be much more.

Still not convinced!!!??? See the video and you will understand.


[The video is taken from aza's original post which you can see here]

So How Do We Fix It?
The attack is based on human psychology,rather than any vulnerability in the software, which makes it difficult to prevent.Firefox is coming up with Firefox Account Manager which will protect users from these kind of attacks and makes logging into websites easier, at least they claim it that way.Another method is to use NoScript to block all the un-necessary scripts/flash/java in a webpage, which will block not only this attack but a bunch of others too.

Facebook SCAMS

As Facebook is growing in popularity,its increasingly becoming the target for various kinds of malicious attacks.I have spotted one such scam couple of days back, which will trick people into copy pasting javascript code into their browser's address bar.The code in the scam which I spotted did nothing but to invite all FB friends to view this particular scam page by sending out suggestions.Though it seems a harmless( irritating though) trick, one could some malicious intend ( say fetching the contacts personal details or session cookie) to it.
It started with the suggestion I received from a friend that I should become the fan of the page "WORST STATUS UPDATE ON THIS PLANET".Clicking this particular invitation will bring you into a page like this.

According to this page it is a two step process(!!) to reveal the WORST STATUS UPDATE EVER, first of which is to click the [LIKE] button.  

One you click the button, it will redirect you to another page, which will ask you to copy paste the given code into the browser's address bar and wait for the content to load.
While you wait, the code running in the background will send out suggestions to your FB friends, to become the fan of this page( which explains the suggestion I got).This page is no longer accessible now(thankfully), it might have taken down by the FB.

Googling parts of the javascript code showed that its a readily available piece of code to invite all your friends.Which shows this is not the only attempt made.( google revealed same tricks were used by scammers for long time, but still 2000+ people fell for this!!!).Its really disturbing to see that people blindly believe everything they see in the social networking sites( esp if it's supported/suggested by a friend). We really need to realize that not everything  we see needs to be true. So the best practice from my point of view is to think before you do something online.
Always remember, "NEVER COPY PASTE ANYTHING INTO THE ADDRESS BAR, NO MATTER WHAT IT CLAIMS TO DO"