- Tools & Templates
- Security Jobs
- Data Protection
- Identity & Access
- Business Continuity
- Physical Security
- Security Leadership
Facebook video games are stupid, anyway
As Graham Cluley at Sophos notes in the Naked Security blog, a scam claiming that you can play Mario Kart on Facebook has spread between a lot of users.
The would-be victims of this bit of social engineering see something that looks like this:
Play Mario Kart on Facebook!
Play Mario Kart on Facebook with your Friends! Join the multiplayer mayhem NOW! Click here to play
Click the link and you get a webpage urging you to join the game.
"Unfortunately as soon as you press "Play Now" you'll not find yourself in the middle of a fast-moving road race with all your favourite Nintendo characters, but instead urged to complete an online survey or competition," Cluley says. "Unfortunately, Facebook's built-in security systems don't appear to be blocking this scam at this time - giving it plenty of breathing space to trick as many users as possible into taking the online competitions. And, of course, the more traffic the scammers send to the online surveys and puzzles, the more commission they earn. And the more spam Facebook users find filling up their walls and inboxes."
We've written much in recent months about these Facebook-based scams. We keep writing about them because people keep falling for them.
In my view, playing games on Facebook has always been more trouble than it's worth. There are the non-security reasons: I tired of seeing everyone's Farmville status updates, for example. But at the ShmooCon security conference last year, the social engineering dangers of such games was made plain.
In a February 2010 talk called "Social Zombies II: Your Friends Need More Brains," security practitioners Tom Eston, Kevin Johnson and Robin Wood explained how these applications are susceptible to malware pushers and those looking to steal your personal information. It's not much of a stretch for hackers to impersonate people you think are trusted, fellow players, as is the case with a lot of online gaming.
I don't look down on people who enjoy these games. That would be hypocritical of me, since I have my own social engineering vices, especially the Spotify music-sharing program. It's only a matter of time before the social engineering schemes start targeting something like that.
It just goes to show that the more functionality we get in the Facebook world, the more we open ourselves to getting ripped off.
The best defense for now, I suppose, is to stay aware and greet any kind of invite with skepticism.
CSO's Daily Dashboard gives you a one-stop view of latest business threats. We created it for you! Bookmark it! Use it!
Get your morning news fix with the daily Salted Hash e-newsletter! Sign up today.
Thanks to cloud computing, your business data is everywhere and being accessed by everyone. Making the wrong decision to protect your data can result in high costs, increased risk and executive exposure. View this live webinar on cloud security and the evolving data center, and learn why a data-centric approach to security is the best bet for today's virtual environment.
- Prevent Mobile Devices from Loading Dangerous Code
- Expanding Your Security Perimeter: Common Sense for Navigating Today's Threat Landscape
- Continuous Monitoring and Mitigation -- the New InfoSec Frontier
- RSA Security Analytics Case Study
- VMware Cloud Credits Program
- Insights from the 2013 IBM Chief Information Security Officer Assessment
- Cloud-based Cyber Security: A Hybrid Approach to Threat Detection and DDoS Mitigation IDC Technology Spotlight
- How Identity and Access Intelligence Will Revolutionize IAM
- Leveraging Managed Security Services to Fight Growing Cybersecurity Threats
- Global IT Trends: IT Outsourcing Fuels Business Growth
- Defending Against Increasingly Sophisticated Cyber Attacks
- Rethinking Your Enterprise Security - Critical Priorities to Consider