Thoughts from the battlefield - One year of fighting with social scams
by , on 27 October 2011
A year ago today, we launched Safego to protect Facebook users from scammers. In human time, it seems very recent. In scammer time, it seems like an eternity.
Back in October of 2010, most Facebook scams were related to social games like Farmville. Among the most common were news feed entries spreading "bonuses" that passed on Facebook worms or adware. But that was just the beginning.
November 2010 saw the advent of the lure of profile customization to spread adware. There were also the so-called "Facebook secret Toolbar" or "The new Facebook Toolbar" scams meant to tempt unsuspecting users.
Christmas is definitely the time when scams can spread fastest, as friends and relatives exchange holiday greetings. Of course, we saw some Christmas season scams, but that wasn't the most interesting part of December. The scammers used the season of good cheer to disseminate what later became the most popular social scam: "see who viewed your profile." See who viewed your profile was a very effective bait, tapping normal human curiosity to get users to click scammy links. It is still effective, even though Facebook has repeatedly explained that this feature is not available.
January was the month of clickjacking, also known on Facebook as likejacking: an iframe holding the Like button is hidden behind what looks like a video, so people click Like when they think they are hitting the play button. The interesting part is that likejacking became really effective only after Facebook made the Like functionality more viral:
At first, the action of "liking" something appeared in the user's friends' news feeds as a simple line. Later, a "like" was displayed much like a "share", with a thumbnail and a short description.
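The iframe overlay above only works when the page carrying the Like button can be framed by another origin. As an added example (not code from the original post or from Safego), the following JavaScript decides from a response's X-Frame-Options and Content-Security-Policy headers whether a page may be framed by a given origin; the header values and origins are constructed for illustration.

```javascript
// Added example: decide whether a page's response headers allow it to be
// framed by a given origin. Likejacking needs the page with the Like button
// to load inside an iframe on the scammer's site; a page that denies
// cross-origin framing cannot be overlaid this way. Per the CSP spec, a
// frame-ancestors directive takes precedence over X-Frame-Options.

function parseOrigin(url) {
  const u = new URL(url);
  const scheme = u.protocol.replace(':', '');
  return { scheme, host: u.hostname, port: u.port || (scheme === 'https' ? '443' : '80') };
}

// Does one frame-ancestors source expression match the framing origin?
function sourceMatches(src, framer, page) {
  const s = src.toLowerCase();
  if (s === '*') return true;
  if (s === "'self'") {
    return framer.scheme === page.scheme && framer.host === page.host && framer.port === page.port;
  }
  if (/^[a-z]+:$/.test(s)) return framer.scheme + ':' === s;            // scheme-source, e.g. "https:"
  const m = s.match(/^(?:([a-z]+):\/\/)?(\*\.)?([^:/]+)(?::(\d+|\*))?$/); // host-source
  if (!m) return false;
  const [, scheme, wild, host, port] = m;
  if (scheme) {
    if (scheme !== framer.scheme) return false;
  } else if (framer.scheme !== page.scheme && !(page.scheme === 'http' && framer.scheme === 'https')) {
    return false; // scheme-less source: same scheme as the page, or an https upgrade
  }
  const hostOk = wild ? framer.host.endsWith('.' + host) : framer.host === host;
  const portOk = !port || port === '*' || port === framer.port;
  return hostOk && portOk;
}

// Returns 'allow' or 'deny' for the page at pageUrl when framed from framerUrl.
// `headers` is a plain object mapping response header name -> value (constructed input).
function framingDecision(headers, pageUrl, framerUrl) {
  const page = parseOrigin(pageUrl), framer = parseOrigin(framerUrl);
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const directives = (h['content-security-policy'] || '').split(';').map(d => d.trim().split(/\s+/));
  const fa = directives.find(d => d[0].toLowerCase() === 'frame-ancestors');
  if (fa) {
    const sources = fa.slice(1).map(s => s.toLowerCase());
    if (sources.length === 0 || sources.includes("'none'")) return 'deny';
    return sources.some(s => sourceMatches(s, framer, page)) ? 'allow' : 'deny';
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'deny';
  if (xfo === 'SAMEORIGIN') return sourceMatches("'self'", framer, page) ? 'allow' : 'deny';
  return 'allow'; // no (or unrecognised, e.g. the obsolete ALLOW-FROM) policy: embeddable anywhere
}
```

A page that returns 'allow' for an arbitrary third-party origin is the kind of page a likejacking overlay can embed; `frame-ancestors 'self'` or `X-Frame-Options: SAMEORIGIN` closes that door.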
But February stands out for interesting discoveries. It was in the dead of winter that we discovered that 24% of social scams are mobile. The popular social networks are present on every kind of device, desktop or mobile. A Facebook worm that relies on clickjacking can therefore spread from any platform (Windows, iOS or Android).
March topped even that. We found out that the people carrying out Facebook scams are also perpetrating Twitter scams. This discovery was possible thanks to the statistics exposed by the analytics-enabled URL shorteners that the scams used to spread. "How many hours do you spend on your Facebook/Twitter account?" was one of the many lures used by these cross-social-network scams.
April showed us you don't need to be a rocket scientist to make scams effective. Tagjacking and eventjacking take advantage of some of Facebook's most viral features: tagging someone in a photo or inviting someone to an event. Such an application is very simple to develop, but extremely effective.
May showed us that complex schemes are not always effective. Whereas in April we saw an explosion of tagjacking, which is very simple, in May we witnessed the more complicated trick of making the user the admin of a page and using a custom tab to redirect them to the malicious website.
June was the month of interactive scams, which we called "comment jacking": the user is led to believe they are completing a CAPTCHA when they are actually commenting on a malicious link.
In the summer we saw a slight slowdown in scam volume, but September came back strong. It seems scammers take holidays too :)
In September, Facebook announced the introduction of new viral mechanisms. We raised five major security and privacy concerns about them. We will see whether scams take advantage of the new features; so far, every viral component has been used by at least one scam as a spreading mechanism.
As you can see, scammers have steadily improved their techniques for making social threats more effective and viral. A year ago we saw a few simple attack schemes; now there are many, many more. This has been the big challenge for Safego: keeping up with a very dynamic threat environment.
But it was an extremely interesting first year for Safego. And no doubt the second year will be just as interesting.
P.S.: Don't forget about our comprehensive whitepaper, Friends, Fiends and Facebook: The new battlefield against scammers.