
WARNING: Teams Edward & Jacob, Meet Team Spammer

by Neal O'Farrell on April 11th, 2011

This afternoon, ID Guardian went live with a write-up on the scam currently hitting Facebook: a multi-layered phishing attack targeting fans of the Twilight saga. This engineered viral app is making the rounds on the social network, and ID Guardian has granted us permission to syndicate their column.

Be safe when being social today, and feel free to comment.

You have heard us talk about harmful or unknown links and the danger of clicking on them blindly. These malicious URLs usually lead to some form of malware that either hinders the performance of your computer or monitors your computer’s activity in the hope of capturing your Personally Identifiable Information (PII) while you shop or manage your bank accounts online. These are real threats, and yet, as reported by Time’s Techland blog, an independent study found that 68 percent of Facebook users would click on links received through the social network. The assumption sounds logical: a link arriving through your Facebook network should be coming from someone you know. According to the same study, though, 42 percent of the participants admitted having people in their network they didn’t know.

Today, the carefree clicking reached a new height through an extremely deceptive Facebook app. This time, the hook wasn’t “a funny vid” or even a random wall post from friends. The hook is the fan base for the Twilight films, and here’s how it works:

You may receive a notification that you have been tagged in a photograph (pictured below) recently posted on Facebook, appearing in your feed like this:

However, the notification provides a link to a Twilight: Breaking Dawn game instead of the usual tagged photograph. Clicking on this link takes you to a customized Facebook page inviting you to play this promotional game.

Thus begins a multi-level attack:

  • When you click the “Play Now” link, your account is clickjacked: the page hides a real Facebook “Like” button under the button you see, so your click registers as a Like and automatically spreads the link to your friends’ feeds without you ever intending to share it.
  • The application then asks for permission to read your basic information, post on your wall, and access your data at any time.
  • The final part of the attack is a survey that claims to be an identity check.
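The clickjacking step above only works because the framed site allows pages on other origins to embed it in an invisible frame. As an added example, and not code from the original post, ID Guardian, Sophos or Facebook, the following Node.js snippet evaluates a page’s response headers the way a current browser does (Content-Security-Policy frame-ancestors first, then X-Frame-Options, then no policy at all) and reports whether a page on the attacker’s origin could frame it. The header sets and origin names (social.example, scam.example, partner.example, widgets.example) are constructed for illustration. Note that this defence sits on the framed site, not on the user’s machine, which is why the user-side advice below is “don’t click”, not “fix your browser”.

```javascript
// Added example (not from the original post, ID Guardian, Sophos or Facebook).
// A clickjacking page loads the target site in an invisible frame and lines its real
// "Like" button up under a visible "Play Now" button. Whether that is possible is
// decided by the *framed* site's response headers, evaluated here as a browser would:
//   1. Content-Security-Policy frame-ancestors, if present, is authoritative;
//   2. otherwise X-Frame-Options DENY / SAMEORIGIN;
//   3. otherwise any origin may frame the page.
// Simplifications: no IPv6 hosts and no path matching in CSP source expressions.

function headerValue(headers, name) {
  for (const [k, v] of Object.entries(headers)) {
    if (k.toLowerCase() === name) return v;
  }
  return undefined;
}

// Split a CSP header into a map of directive name -> source tokens.
function parseCsp(value) {
  const directives = new Map();
  for (const part of value.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

const DEFAULT_PORT = { "http:": "80", "https:": "443" };

// Does one CSP source expression (e.g. "https://*.partner.example", "https:") match the framer URL?
function sourceMatches(expr, framer) {
  if (/^[a-z][a-z0-9+.-]*:$/i.test(expr)) {          // scheme-source such as "https:"
    return expr.toLowerCase() === framer.protocol;
  }
  let scheme = null;
  let hostPart = expr;
  const sep = expr.indexOf("://");
  if (sep !== -1) {
    scheme = expr.slice(0, sep).toLowerCase() + ":";
    hostPart = expr.slice(sep + 3);
  }
  if (scheme !== null && scheme !== framer.protocol) return false;
  const [host, port] = hostPart.split("/")[0].toLowerCase().split(":");
  const framerPort = framer.port || DEFAULT_PORT[framer.protocol] || "";
  if (port !== undefined && port !== "*" && port !== framerPort) return false;
  if (host === "*") return true;
  if (host.startsWith("*.")) {                         // wildcard needs at least one extra label
    const suffix = host.slice(1);
    return framer.hostname.endsWith(suffix) && framer.hostname.length > suffix.length;
  }
  return framer.hostname === host;
}

// True if a page on framerOrigin could embed the page served with `headers` from pageOrigin,
// i.e. whether the hidden-"Like"-button overlay described above would work against it.
function framingAllowed(headers, pageOrigin, framerOrigin) {
  const page = new URL(pageOrigin);
  const framer = new URL(framerOrigin);
  const sameOrigin = page.origin === framer.origin;

  const csp = headerValue(headers, "content-security-policy");
  if (csp) {
    const ancestors = parseCsp(csp).get("frame-ancestors");
    if (ancestors) {                                   // wins over X-Frame-Options when present
      return ancestors.some((token) => {
        const t = token.toLowerCase();
        if (t === "'none'") return false;
        if (t === "'self'") return sameOrigin;
        return sourceMatches(t, framer);
      });
    }
  }
  const xfo = headerValue(headers, "x-frame-options");
  if (xfo) {
    const v = xfo.trim().toUpperCase();
    if (v === "DENY") return false;
    if (v === "SAMEORIGIN") return sameOrigin;
    // ALLOW-FROM and malformed values are ignored by current browsers, so fall through.
  }
  return true;                                         // no policy: any page may frame and overlay it
}

// Constructed sample responses; every origin name here is hypothetical.
const SAMPLE_HEADERS = {
  unprotected:   { "Content-Type": "text/html" },
  xfoDeny:       { "X-Frame-Options": "DENY" },
  xfoSameOrigin: { "X-Frame-Options": "SAMEORIGIN" },
  cspPartners:   { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self' https://*.partner.example" },
  cspOverXfo:    { "X-Frame-Options": "DENY", "Content-Security-Policy": "frame-ancestors https://widgets.example" },
};

const SOCIAL = "https://social.example";   // the site whose Like button is being clickjacked
const SCAM = "https://scam.example";       // the "Play Now" page

for (const [name, headers] of Object.entries(SAMPLE_HEADERS)) {
  const verdict = framingAllowed(headers, SOCIAL, SCAM) ? "CLICKJACKABLE" : "protected";
  console.log(`${name.padEnd(14)} framed by ${SCAM}: ${verdict}`);
}
```

Run it with `node clickjack-check.js`; only the `unprotected` sample is reported as clickjackable by the scam origin. The partner wildcard shows the usual edge cases: `https://app.partner.example` may frame the page, but `https://partner.example` (no extra label) and `http://app.partner.example` (wrong scheme) may not, and `cspOverXfo` shows that a permissive frame-ancestors directive overrides an X-Frame-Options: DENY in browsers that support CSP.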

If you are concerned about whether or not your account has been compromised by this (or a similar) scam, watch this video courtesy of Sophos Labs.

ID Guardian recommends the following:

  • When notified you are “tagged in a photo” and the notification leads to a game, this is a scam. Do not click any further!
  • When a notification you suspect is spam appears in your feed, remove it from your wall: hover over the post, click the “X” in its upper-right corner, and select “Mark as Spam”.
  • If you receive a post or an unexpected chat message from anyone (friend or otherwise, as seen in the graphic below) that opens with a cryptic URL, do not click the link. Stop and ask that friend (see Fig. 1), in chat or in a message, whether they sent it. If it is a stranger, block or remove that person from your network immediately. A good sign that a message is spam or comes from a compromised account is that it is full of typos or poor sentence structure (see Fig. 2).
  • When an application asks for permission to access your account, ask whether each permission is really needed for what the app claims to do, particularly if you do not know what the application will actually do. An unfamiliar game that wants to post on your wall and read your data at any time is asking for far more than it needs.
  • When in doubt, change your Facebook password, preferably to a long one that is hard to guess. (Do not use the same password for Facebook as you use for your bank, e-commerce, or other PII-sensitive websites.)

It may seem overly cautious to confirm with other Facebook users, maybe even people you know and chat with regularly, whether or not they just dropped you a link; but what harm would it do if you dropped that friend a quick message asking if they were, in fact, sending you a link? With these preventative tips you can still enjoy the social benefits of Facebook while avoiding malicious links that only bog down your computer’s performance or (far worse) cause problems for your online reputation and image.

Think before you click. This is a good mantra to repeat when enjoying the social aspect of social networking.