Tuesday, September 01, 2009

Facebook Phishing - Watch Out!

With the consistent surge in popularity ofFacebook, it's no wonder that hackers, thieves and other na'er-do-wells are looking to exploit as many users as possible! From my limited experience, I've already seen two friends be hacked by malicious links or applications they were introduced to on Facebook. Unfortunately, while there are some tools that are very helpful in preventing such attacks, the best offense is to use the time-tested technique we've all been using all of our lives...be aware of our surroundings. Would you walk around a city without knowing where you were going? You should treat the internet with the same level of care!


The sad part is that while Facebook is a safe-haven of sorts, it's first and foremost a social community where all types of things are shared between friends, family and acquaintances, files, pictures, links. To help you decide what's safe, and what may not be safe, I created this primer for you and everyone else on the web be a little more informed and aware of their digital surroundings!


The Threat

Where's the danger? Sometimes the threat can be as unthreatening as a link posted by one of our friends...but be wary, not every link can be trusted, even a link from a friend! The safest thing to do before you click on any link to is to consider where it is you WANT to go and where you may ACTUALLY be going...


The First Warning:

As an advocate and user ofOpenDNS, I was afforded an early warning about the dangerous position I might be putting myself in...If you don't useOpenDNS(you really should!) you wouldn't see a warning like this...


The Second Warning:

The first link really just redirects users to another suspicious web site. The new site, however, is no less of a danger than the first!


The Danger:

Being intentionally foolish, I chose to proceed without regard for my own safety or the safety of my computer and all the information stored on it...As a result, I wound up a the carefully crafted and dangerous site that our would-be hackers created to do as much damage as possible in the short time I'd be visiting the site.


But how do you know this site is really dangerous? At first glance it appears to be the same site we started at, our beloved Facebook. But upon closer inspection, you should be able to notice some differences that should start the alarm bells sounding...


First, almost instantly upon our arrival at the site, a file begins downloading. Did you want to download the file? Did you do anything that would make you think you would download a file? If you didn't, the odds are pretty good that it isn't a file you WANT to download!


Looking at the address for this site, you should also notice that it's composed of all numbers...you're not in Facebook.com anymore! What you're actually looking at the IP address for the web site - every web site has one, in fact, every computer has one. Your computer has one right now (assuming you're viewing this online and haven't downloaded a copy of it...). Without going to the domain name facebook.com, you have no idea whether this site is authentic or not...so despite the fact it LOOKS like Facebook, you should immediately question whether or not it really is.


As a side note, weren't we headed to youtube.com? Why are we even back in Facebook-land?


If you still not certain whether you should be downloading this file, stop and think for a second. Look at the page...what might you be downloading? An update for Flash?


If you've been surfing or playing games on Facebook, you've already been using Flash. Flash Player is an application created by Adobe that allows all of those nifty graphics and video to play on your computer. If you don't know whether or not you need an update, trusting a site like this for guidance is probably not a smart idea. A safer bet is to visit Adobe directly athttp://www.adobe.comand check.


Danger! Danger!

Let's assume that we all agree this site is now suspicious at the very least. At the most, it's downright threatening...so what next? Once you've decided that site isn't what it appears to be, don't trust ANYTHING on that site. Every link or pop-up dialog box could be a potential threat. You wear gloves when you take brownies out of the over, right? Treat this web site no differently!



Hackers will create innocent-looking pop-up dialog boxes that are designed to look like something we'd click without even thinking about it. Most of the time, these are not actually pop-up dialogue boxes from your browser, but from the site itself! As the second wave of attack, their goal is to get you to click them and inflict damage on yourself! (Note: depending on the browser you're using, it may look slightly different - I used Google Chrome for all of these screen captures.)


The Remedy:

So if you can't trust anything on this page...even that friendly-looking pop-up window, what can you trust? Your computer. The safest thing for you to do at this point is to close your browser completely. This can be tricky...depending on the browser or browser version your using, it may be okay to simply click on the "X" and close it...but not always!



If you're running Windows Vista or XP, your best bet is to use the Task Manager to close the browser. To access the Task Manager, just right click next to the Start button (not ON it, just next to it!).



Long ago, I replaced the standard Task Manager in Windows with a more advanced and informative version from Microsoft calledProcess Explorer. Its free and incredibly useful in situations like this one!


To use Process Explore (or Task Manager) to close your browser, just scroll down until you find the name of the application and the right click on it. As I'm using Google Chrome, the application is chrome.exe. If you're using Internet Explorer, you'd look for the program iexplore.exe, Firefox is firefox.exe and Safari is probably something like safari.exe. Once you've right-clicked on the application you want to close, just select "Kill Process Tree" and the browser will close completely and cleanly!



The End.

I hope you found this helpful, and I'm sure there is a wealth of additional information on the net about how you can protect yourself from phishing attacks both within Facebook and everywhere else on the web!


Stay safe!