Illustration by Yevgeniya Mikhailik - www.yevgeniyadraws.com
One of the best things about having a solid network of friends is that you can rely on them for good advice and suggestions. As you may have noticed, this basic tenet of human behavior has been carried over into the online world of social networking, as exemplified by the proliferation of "Like" buttons on almost every website you visit. See that your friend likes a particular vendor you've never heard of? Maybe you'll check them out. This system deftly combines the social aspects of word-of-mouth recommendations with the online reality of modern commerce, and works great for both vendors and customers.
Of course, the key to the entire system is trust; namely, that you trust the advice of your friends. Without that, the recommendations and likes you see would be meaningless. But this raises an interesting point: in real life, a stranger cannot pretend to be someone else you know. What about online? Is it possible somehow that the avatar with your friend's name and face is... not who they appear to be?
Desperate to be Heard
The abuse of online social networks by advertisers, spammers, and hackers is becoming increasingly prevalent, and it's not hard to see why. The internet is a thriving community of individuals and businesses, all with one common goal: to get you to click on their stuff. Whether trying to make a sale, earn advertising revenue, or enlist you into a botnet army run by the Russian mafia, at the end of the day the equation is the same across the board: click = $.
When it comes to advertising, the most effective kind is word of mouth. Recommendations between friends are much more likely to generate clicks (or even sales) than advertisements from unknown sources, plus it doesn't require any direct capital expenditure. As a corollary, though, you can't buy word of mouth advertising. It just has to happen on its own. That's why it works, and why people are much more willing to listen to a friend's recommendation than an advertiser's: the information is coming from a trustworthy source.
Today, social networking websites allow word of mouth recommendations to happen much faster and travel far wider than they can offline, making them a great target for unscrupulous advertisers, spammers, and hackers who want to generate clicks (and revenue) by any means possible.
Likejacking
Have you ever seen a friend on Facebook post a link to a purportedly outrageous video ("LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE," etc.), only to find that the link didn't work? Did the link seem a bit out of character for your friend anyway? They were probably a victim of "likejacking," and so were you if you clicked the link.
Whenever you legitimately "like" something on Facebook, your activity is sent to your friends' News Feeds. Spammers have found that they can embed invisible "like" buttons beneath links and buttons on Facebook, allowing them to trick you into "liking" something without your knowing it. This activity is then sent to your friends, who are then likely to check it out themselves, unwittingly "liking" the page in the process, ad infinitum.
Even worse is when one of these links leads you to a Facebook app page that requests permission to access your information and post content to your wall. If you're desperate enough to see that girl get owned by that police officer, you just might go ahead and click "Allow" (hypothetically, of course). The spammer can then continue to push their links to you and your friends without any further action on your part.
What's the point? Why trick people into virally spreading links on Facebook? It's not always obvious, but the bottom line is clicks: getting people to interact with content they otherwise wouldn't. The clicks themselves may be enough to generate advertising revenue for the person behind it, or the links could redirect users to malicious websites that attempt to download a virus or other malware to users' computers. Either way, by getting you to unwittingly send the link to your friends (who then send it to their friends, etc.), the attacker can guarantee a continued return on their investment.
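As an added illustration (not part of the original article), the check below looks for the pattern described above in a page's HTML: a "like" widget loaded in an iframe that has been made invisible, either directly or through a wrapper element. The marker string, the example hosts and the opacity thresholds are assumptions chosen for this example.

```python
import re
from html.parser import HTMLParser

# Assumption: URL fragment that identifies an embedded "like" widget.
LIKE_WIDGET_MARKERS = ("/plugins/like",)
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}
# Matches CSS "opacity: 0" and legacy IE "alpha(opacity=0)", not "fill-opacity".
OPACITY_RE = re.compile(r"(?<![\w-])opacity\s*([:=])\s*([0-9]*\.?[0-9]+)")

def hidden_reason(style):
    # Return a reason string if an inline style makes the element invisible.
    for sep, value in OPACITY_RE.findall(style.lower()):
        limit = 0.1 if sep == ":" else 10  # CSS scale is 0-1, alpha() is 0-100
        if float(value) <= limit:
            return "opacity " + value
    return None

class LikejackScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []     # (tag, invisibility reason or None) per open element
        self.findings = []  # (iframe src, reason)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        inherited = self.stack[-1][1] if self.stack else None
        reason = hidden_reason(a.get("style") or "") or inherited
        src = a.get("src") or ""
        if tag == "iframe" and reason and any(m in src for m in LIKE_WIDGET_MARKERS):
            self.findings.append((src, reason))
        if tag not in VOID:  # void elements never get a closing tag
            self.stack.append((tag, reason))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):  # tolerate unclosed tags
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def scan(html):
    scanner = LikejackScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample: one hidden widget next to a "play" link, one visible button.
SAMPLE = """<a href="#play">Click to play video</a>
<div style="opacity: 0.0"><iframe src="https://social.example/plugins/like.php?href=https://spam.example/p"></iframe></div>
<iframe style="opacity:1" src="https://social.example/plugins/like.php?href=https://shop.example/"></iframe>"""
```

Only inline styles are inspected; invisibility applied through a stylesheet or by script needs a check against the rendered page instead.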
Account Hacking
Even worse is when hackers manage to take complete control of users' accounts. Last year, a Russian hacker tried to sell the login credentials of 1.5 million stolen Facebook accounts. Though he did manage to sell roughly half of them, it's doubtful whether they were all unique or merely an amalgamation of repeated information.
Either way, criminals were willing to pay real money for this information, and the reasoning is the same as before: to infiltrate a network of trust. With complete control of users' accounts, the criminals who bought the stolen credentials could have messaged the users' friends with links to malicious websites with viruses, trojans, or other types of malware. By posing as someone trustworthy, they could have easily gotten many, many people to fall victim to the attack.
What to Do
Your first and best line of defense is knowing that things like likejacking and account hacking can even happen. Remember: a scammer might be able to gain some control over a friend's account, but your friend's behavior and personality cannot be so easily mimicked. If a friend posts a link that seems out of character, or writes you a message that seems strange, it might not really be them. Of course, your friend might just be having a weird day. Either way, message them to see if their actions were intentional. Of course, if it's obvious that their account has been hacked, you should let them know as soon as possible. Aside from the danger their compromised account poses to them and others, these kinds of incidents aren't exactly the best for their reputation.
Also, and as a general rule, be wary of installing Facebook apps you don't completely trust. If you click on a link to a video or online quiz that asks to access your account information, post information to your wall, and see your friends list, don't do it. Generally speaking, this is what Facebook quizzes and apps are all after in the first place: access to your account. By giving them permission, you're just enabling them to spam you and your friends with potentially harmful content. When in doubt, just say no.
Even more importantly, you certainly shouldn't download any software, video players, etc. from websites that you are directed to by a Facebook link, especially if you were lured in by promises of a funny video or other 'viral' content. These kinds of things are almost certainly a front for a virus or other malware, the consequences of which will render your compromised Facebook account the least of your worries.
As a precaution against unauthorized use of your account, you can have Facebook notify you when an unrecognized device logs in as you. To enable this feature, go to Account > Account Settings > Settings Tab > Account Security. You can even require a passcode be sent to your phone and entered along with your login information before a new computer can be used to access your account (a nice feature for the paranoid, an inconvenient one for anyone who logs into their Facebook account away from home). Personally, I think these features are a bit excessive, and should only be used by individuals who need to be absolutely sure that no one else is masquerading online as them.
Already a Victim?
If you think you've been a victim of likejacking, check your profile for any recent activity involving suspicious links or posts, as well as unwelcome entries under your likes and interests. If you see anything that shouldn't be there, delete it. Also disable any rogue Facebook apps you may have installed along the way by going to Account > Privacy Settings > Apps and Websites (Edit your settings) > Apps You Use (Edit Settings).
If you think your account has been hacked, change your password immediately. If you use the same login and password for other websites (a bad idea, as will be discussed in my next article), you should change those as well. Fortunately, hacked accounts are generally one-off events; once you change your password, you should be safe.
Also, try taking the Facebook Security Quiz. The answers to the questions are pretty obvious, but the tips they offer underneath each question after you answer are pretty good, and are worth reading.
As always, a little knowledge goes a long way toward keeping your online identity secure. Be wary of unusual links and messages from friends, and don't install apps you don't know or trust. Remember, clicks are money, and some people will play the part of a wolf in sheep's clothing just to get them.
--
This week's article features yet another illustration by the oh-so talented Yevgeniya Mikhailik! Check out her work at www.yevgeniyadraws.com, and sample her wares at www.etsy.com/shop/yevgeniya!