Wednesday, June 22, 2011

Spot and Avoid Facebook Scams

You’ve heard about the scams and you may have seen some of the lures. Here are practical ways to ensure that you won’t become the next victim.


Illustration: Michael Byers

"There's a sucker born every minute." That quotation, widely attributed to P.T. Barnum, originally referred to deceptive carnival sideshow attractions, but it's just as relevant to online scams--in particular, Facebook scams--today.

None of the common Facebook frauds--the "Facebook dislike button," the "stalker tracker" (which purports to tell you who's visiting your profile), and "watch this video" tricks, for instance--are new, says Chris Boyd, senior threat researcher for UK-based GFI Software. "You'd think that people wouldn't continue to fall for them," he says. But of course, they do.

Resisting the urge to click can be difficult, and scammers know it. They prey on a combination of users' curiosity and trust, and on their own ability to disguise scams as legitimate online promos. Fortunately, you have some clues to watch for.

False Friends

 

One ploy that Facebook scammers use is to encourage people to click a compelling URL. But instead of seeing the promised site, the deceived person inadvertently spams friends with links to the same URL. Some messages are so persuasive that victims may provide personal information such as credit card or phone numbers, which the scammer can then exploit to run up unauthorized charges.

The key element in a successful scam is its ability to exploit the victim's trust, says Dr. Robert D'Ovidio, associate professor of sociology at Drexel University in Philadelphia. Many scams pose as links in posts from people you know. "These schemes are coming from people in our network, and our guard is already down; that's a very tough thing to police against."

If a friend posts a link to what appears to be a video on your wall with the comment, "Is this you? LOL!", you'll probably click it. But it may be a scam or a link to a malicious site posted by a crook using a hijacked Facebook account.

Here are two red flags to watch for when you click a link: It doesn't take you to the page promised; or it takes much longer to load than you'd expect. A delayed load may mean that you're being bounced between proxy servers to hide a hacker's location, instead of being sent directly to the destination.

Also watch out for pages that unexpectedly ask you to enter your Facebook login information. Once scammers manage to gain access to your account details, they can use them to spam your friends. If that happens, or if you suspect foul play of any kind, change your password immediately.

Even shortened URLs may pose risks (this is also a problem on Twitter), since users can't tell by looking at a shortened Web address whether it's authentic. So if someone posts a shortened link to your wall or sends one through a Facebook message or Chat, proceed with caution.
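The red flags above can be checked mechanically once a link's redirect chain has been recorded. The following Python sketch is an added example, not part of the original article. The shortener list, the hop threshold (a stand-in for the "bounced between servers" delay), the Facebook host names, and every sample URL are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed values for this example; none of them come from the article.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}
FACEBOOK_DOMAINS = ("facebook.com", "fb.com")
MAX_HOPS = 3  # more redirects than this counts as a suspicious chain

def host_of(url):
    """Lower-cased host name of a URL, without any trailing dot."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def belongs_to(host, domain):
    """True for the domain itself or a real subdomain of it.
    A look-alike such as facebook.com.login-check.example does not match."""
    return host == domain or host.endswith("." + domain)

def review_link(promised_host, chain, asks_for_facebook_login=False):
    """Return the red flags raised by one link.
    chain lists the URLs visited in order, from the posted link to the
    final page; promised_host is the site the post claimed to lead to."""
    flags = []
    first, final = host_of(chain[0]), host_of(chain[-1])
    if first in SHORTENERS:
        flags.append("shortened-link")            # destination hidden up front
    if not belongs_to(final, promised_host.lower()):
        flags.append("destination-mismatch")      # not the page promised
    if len(chain) - 1 > MAX_HOPS:
        flags.append("long-redirect-chain")       # bounced through many hops
    on_facebook = any(belongs_to(final, d) for d in FACEBOOK_DOMAINS)
    if asks_for_facebook_login and not on_facebook:
        flags.append("login-prompt-off-facebook") # credentials asked elsewhere
    return flags

# Constructed sample data: a lure claiming to be a video, and a direct link.
SCAM_CHAIN = [
    "http://bit.ly/constructed",
    "http://hop1.example/r",
    "http://hop2.example/r",
    "http://hop3.example/r",
    "http://facebook.com.login-check.example/login.php",
]
CLEAN_CHAIN = ["http://www.youtube.com/watch?v=constructed"]

if __name__ == "__main__":
    print(review_link("youtube.com", SCAM_CHAIN, asks_for_facebook_login=True))
    print(review_link("youtube.com", CLEAN_CHAIN))
```

Note that the final host in the constructed scam chain begins with "facebook.com" yet is not a Facebook host, which is why the comparison is made on the end of the host name and not on its beginning.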