
Bitdefender Blog

Thoughts from the battlefield - One year of fighting social scams

by , on 27 October 2011

A year ago today, we launched Safego to protect Facebook users from scammers. In human time, it seems very recent. In scammer time, it seems like an eternity.

Back in October of 2010, most Facebook scams were tied to social games like FarmVille. The most common were news feed entries promising "bonuses" that actually delivered Facebook worms or adware. But that was just the beginning.

November 2010 saw the arrival of profile customization as the lure for spreading adware. There were also the so-called "Facebook secret Toolbar" or "The new Facebook Toolbar" scams, meant to tempt unsuspecting users into installing something they did not need.

Christmas is definitely the time when scams spread fastest, as friends and relatives exchange holiday greetings. Of course we saw some Christmas-themed scams, but that was not the most interesting part of December. The scammers used the season of good cheer to disseminate what later became the most popular social scam: "see who viewed your profile." It was a very effective bait, tapping normal human curiosity to get users to click scammy links. It is still effective, even though Facebook has repeatedly explained that no such feature exists.

January was the month of clickjacking, known on Facebook also as likejacking. The trick is to place a transparent iframe containing a Like button on top of a fake video player, so that a user who thinks they are hitting the play button actually clicks Like. The interesting part is that likejacking became really effective only after Facebook made the Like functionality more viral:

At first, "liking" something appeared to the user's friends as a single line in their news feed. Later, a "like" was displayed much like a "share": with a thumbnail and a short description, which made the scam link far more visible and clickable.

But February stands out for interesting discoveries. It was in the dead of winter that we found that 24% of social scams were reaching mobile users. The popular social networks are present on every kind of device, desktop or mobile, and a Facebook worm built on clickjacking runs entirely in the browser, so it spreads from any platform (Windows, iOS or Android).

March even topped that. We found out that the people running Facebook scams are also behind Twitter scams. This discovery was possible thanks to the statistics exposed by the URL shorteners the scams used, which offer public click analytics. "How many hours do you spend on your Facebook/Twitter account?" was one of the many lures used by these cross-network scams.

April showed us you don't need to be a rocket scientist to make scams effective. Tagjacking and eventjacking take advantage of two of the most viral features of Facebook: tagging someone in a photo and inviting someone to an event. An application that abuses them is very simple to develop, but extremely effective.

May showed us that complex schemes are not always effective. Where April brought an explosion of tagjacking, which is very simple, May brought the more complicated trick of making the user the admin of a page and then using a custom tab on that page to redirect them to the malicious website.

June was the month of interactive scams, what we called "comment jacking". The user believes they are solving a CAPTCHA, but the text they type is actually posted as a comment on a malicious link, which then appears in their friends' feeds.
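Both likejacking and comment jacking depend on one precondition: the social network's widget (the Like button, the comment box) can be loaded inside an iframe on a page the scammer controls. The added example below, which is not code from the original post or from Safego, shows the check a practitioner would run against a widget's HTTP response headers to decide whether it can be framed by an attacker origin. It evaluates the two headers that govern framing, `Content-Security-Policy: frame-ancestors` (which takes precedence when present) and `X-Frame-Options`. The origins `https://social.example` and `https://attacker.example` and all header values are constructed for illustration.

```javascript
// Added example: decide whether a response can be rendered inside a frame on an
// attacker-controlled page, the precondition for likejacking and comment jacking.
// Origins and header values below are constructed, not taken from any real site.

const PAGE_ORIGIN = 'https://social.example';   // site whose widget is being framed (constructed)
const ATTACKER = 'https://attacker.example';    // scam page that embeds the widget (constructed)

// Does one CSP frame-ancestors source expression allow `ancestorOrigin` to frame the page?
function sourceAllows(source, ancestorOrigin, pageOrigin) {
  const src = source.toLowerCase();
  if (src === "'none'") return false;
  if (src === "'self'") return ancestorOrigin === pageOrigin;
  if (src === '*') return true;
  const a = new URL(ancestorOrigin);
  // Scheme-only source, e.g. "https:"
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return a.protocol === src;
  // Host source: optional scheme, optional "*." wildcard, optional port
  const m = src.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)(?::(\d+|\*))?$/);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  if (scheme && a.protocol !== scheme + ':') return false;
  if (wildcard) {
    // "*.partner.example" matches subdomains only, not "partner.example" itself
    if (!a.hostname.endsWith('.' + host)) return false;
  } else if (a.hostname !== host) {
    return false;
  }
  const effectivePort = a.port || (a.protocol === 'https:' ? '443' : '80');
  if (port && port !== '*' && port !== effectivePort) return false;
  return true;
}

// Returns true when the response headers permit `ancestorOrigin` to frame the page.
// `headers` is a plain object; header names are matched case-insensitively.
function canBeFramed(headers, ancestorOrigin, pageOrigin) {
  const get = (name) => {
    const key = Object.keys(headers).find((h) => h.toLowerCase() === name);
    return key === undefined ? undefined : headers[key];
  };

  // CSP frame-ancestors wins over X-Frame-Options when both are present.
  const csp = get('content-security-policy');
  if (csp) {
    const directive = csp.split(';').map((d) => d.trim()).find((d) => /^frame-ancestors\b/i.test(d));
    if (directive) {
      const sources = directive.split(/\s+/).slice(1); // empty list behaves like 'none'
      return sources.some((s) => sourceAllows(s, ancestorOrigin, pageOrigin));
    }
  }

  const xfo = get('x-frame-options');
  if (xfo) {
    const value = xfo.trim().toUpperCase();
    if (value === 'DENY') return false;
    if (value === 'SAMEORIGIN') return ancestorOrigin === pageOrigin;
    // ALLOW-FROM is obsolete and any other value is not enforced by current browsers;
    // for a scanner the conservative call is to treat it as no protection.
    return true;
  }
  return true; // no framing controls at all
}

// Constructed sample responses and the verdict each should produce.
const SAMPLES = [
  { name: 'no framing headers', headers: {}, expected: true },
  { name: 'X-Frame-Options DENY', headers: { 'X-Frame-Options': 'DENY' }, expected: false },
  { name: 'SAMEORIGIN, framed by attacker', headers: { 'X-Frame-Options': 'SAMEORIGIN' }, expected: false },
  { name: "CSP frame-ancestors 'self'", headers: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'" }, expected: false },
  { name: 'CSP wildcard partner, framed by partner subdomain',
    headers: { 'Content-Security-Policy': "frame-ancestors 'self' https://*.partner.example" },
    ancestor: 'https://widgets.partner.example', expected: true },
  { name: 'CSP overrides permissive X-Frame-Options',
    headers: { 'X-Frame-Options': 'ALLOWALL', 'Content-Security-Policy': "frame-ancestors 'none'" }, expected: false },
];

function runSamples() {
  return SAMPLES.map((s) => ({
    name: s.name,
    ok: canBeFramed(s.headers, s.ancestor || ATTACKER, PAGE_ORIGIN) === s.expected,
  }));
}

for (const r of runSamples()) console.log(`${r.ok ? 'PASS' : 'FAIL'} ${r.name}`);
```

The verdict is only as good as the headers a real browser would see: a widget served without `frame-ancestors` and without `X-Frame-Options` is exactly the Like button a likejacking page overlays on its fake player, and JavaScript frame-busting alone is not a substitute, since the embedding page can neutralise it with the `sandbox` attribute on the iframe.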

Over the summer, scam volume slowed down a little, but September came back strong. It seems scammers take holidays too :)

In September, Facebook announced new viral sharing mechanisms. We raised five major security and privacy concerns about them. We will see whether scams take advantage of the new features; so far, every viral component Facebook has introduced has been used by at least one scam as a spreading mechanism.

As you can see, scammers steadily refined their techniques to make social threats more effective and more viral. A year ago we faced a handful of simple attack schemes; now there are many, many more. Keeping up with this very dynamic threat environment has been the big challenge for Safego.

But it was an extremely interesting first year for Safego. And no doubt the second year will be just as interesting.

P.S.: Don't forget about our comprehensive whitepaper, Friends, Fiends and Facebook: The new battlefield against scammers.
