Until some time ago viruses and malware were spread to the world through emails (see how to recognize infected emails), today a new virus transmission channel has been added that leverages naivety and little attention from users and I am talking of Facebook. Facebook is a privileged hunting ground for anyone with bad intentions, who, with cunning and cunning, goes in search of every little weakness of people to infect their computers or to steal personal data.
Cybercriminals are very good at pushing users to take some involuntary action that exposes them to the theft of personal data, compromising the account or even taking control of their PC for their own illegal purposes, such as the launch of DDoS attacks.
Speaking in general and examining the most common cases, we can identify 5 ways used to infect PCs through Facebook from which it is necessary to defend yourself .
1) Clickjacking
Clickjacking is one of the oldest tools, but still among the most used by scammers on the Internet.
The deception is all based on psychology and takes advantage of people's curiosity to delve into sensational news.
By clicking on a link that appears on the home, you end up operating the infectious mechanism that can bring the virus to your computer or, for example, to activate the webcam to spy on us.
In practice , something is published to attract clicks such as false and incredible news, gossip, news about the death of a famous person, links with the words "Exclusive" or "Breaking News", competitions in games where you win easy, videos about funny or sensational things.
By clicking on the malicious link, you download the malware or end up on an infected web page.
Very often they are also pages of competitions and games in which an easy win is promised, where registration is requested and, therefore, authorization to steal our data.
Defending yourself from this type of sneaky attack may not be easy.
Facebook counteracts all fake news and "attracts-clicks", but it is not always able to block them or prevent their diffusion.
As a rule, it is important to avoid clicks on news from unknown or dubious sources (the source is always written below each news item) and be wary of too strange news, perhaps going to check with a Google search if someone else also talks about it .
An updated antivirus installed on the PC should protect us, but it can fail if the user insists on clicking.
2) Phishing
Facebook phishing attacks target account theft.
You can then present the user with a login page identical to that of Facebook, where you can enter the name and password that will be recorded by the author of that page and used to take possession of the account.
One of the best known phishing attacks on Facebook is from 2013, where an application promised users to show them who had visited their profile.
Thanks to a fake logi n page identical to that of Facebook, users who used this application had two alternatives: enter their username and password or download a program that was, in reality, a keylogger virus capable of recording any key pressed on the PC and send it to the cyber criminal.
As already written a few years ago, to avoid identity theft and to have your password stolen on Facebook, the most important thing is to always check, when you log in to Facebook, that on the address bar the address starts with https ( //www.facebook.com/ ) and that there is a padlock symbol next to it.
This ensures that the web page is secure.
It is also important to use a browser updated to the latest version that has anti-phishing checking enabled.
Once again, avoid clicking on applications and links that promise impossible things such as seeing who has seen our profile.
3) The "Facebook Team"
In this attack, the attack is organized by sending a message to the user from a Facebook administrator or customer support .
The message will ask you to update your account or click on a link or download an attachment.
Obviously all these things will bring the infection to the PC.
A variant of this threat is a fake invitation that promises to win a prize if a certain message is spread to all friends.
To defend against this attack you need only a little common sense and personal judgment.
Facebook has very strict anti-spam rules so it will never ask to spread a message to friends and it does not communicate with users through private messages.
4) Facebook applications
Until recently, the cyber attack via Apps on Facebook was the most dangerous.
It was enough to install an app and authorize it to use our profile to lose control of the account or spread spam to all friends.
Today it is more difficult to create an app of this type because Facebook has protected its platform, but the danger always remains.
We talked about virus applications on Facebook and how to protect ourselves some time ago and, although things have improved today, the discussion remains valid.
The important thing is to be very selective about the installed applications, avoid unknown ones or look for information about them before authorizing them.
In addition, it is worth re-checking the list of applications already installed (from the settings) by removing those that are not used.
As a general rule, avoid all applications that require total access to the Facebook account, access to messages and the right to manage pages and events.
To avoid that some virus app can exploit the tags in the photos to spread them, activate the revision of the tags before publication (in settings -> diary and adding tags ).
5) Malware attacks
Malware and viruses can be injected into our computer via Facebook using one of the methods listed above.
Among the viruses and the worst attacks on Facebook we have already talked about Zeus, Koobface, the LOL virus that spreads via chat via a message with the word "LOL" and a virus attachment and Self XSS.
As you can see, all the threats described above require user action and focus on his distraction or curiosity.
The best advice is to be vigilant and always keep a little mistrust on everything you read on Facebook, avoiding clicking anything.
To stay informed about new threats and new hacker tricks to infect PCs, you can click Like on the official Facebook security page to receive the latest news about it.
