Salted Hash — IT security news

About this Blog:

IT security news analysis, over easy!

Bill Brenner

Facebook video games are stupid, anyway

I've always thought Facebook was a stupid place to play video games. Now, it seems, there's a social engineering risk.

As Graham Cluley at Sophos notes in the Naked Security blog, a scam claiming that you can play Mario Kart on Facebook has spread among a lot of users.

The would-be victims of this bit of social engineering see something that looks like this:

Play Mario Kart on Facebook!
[LINK]

Play Mario Kart on Facebook with your Friends! Join the multiplayer mayhem NOW! Click here to play


Click the link and you get a webpage urging you to join the game.

"Unfortunately as soon as you press 'Play Now' you'll not find yourself in the middle of a fast-moving road race with all your favourite Nintendo characters, but instead urged to complete an online survey or competition," Cluley says. "Unfortunately, Facebook's built-in security systems don't appear to be blocking this scam at this time - giving it plenty of breathing space to trick as many users as possible into taking the online competitions. And, of course, the more traffic the scammers send to the online surveys and puzzles, the more commission they earn. And the more spam Facebook users find filling up their walls and inboxes."

We've written much in recent months about these Facebook-based scams. We keep writing about them because people keep falling for them.

In my view, playing games on Facebook has always been more trouble than it's worth. There are the non-security reasons: I tired of seeing everyone's Farmville status updates, for example. But at the ShmooCon security conference last year, the social engineering dangers of such games were made plain.

In a February 2010 talk called "Social Zombies II: Your Friends Need More Brains," security practitioners Tom Eston, Kevin Johnson and Robin Wood explained how these applications are susceptible to malware pushers and those looking to steal your personal information. It's not much of a stretch for hackers to impersonate people you think are trusted, fellow players, as is the case with a lot of online gaming.

I don't look down on people who enjoy these games. That would be hypocritical of me, since I have my own social engineering vices, especially the Spotify music-sharing program. It's only a matter of time before the social engineering schemes start targeting something like that.

It just goes to show that the more functionality we get in the Facebook world, the more we open ourselves to getting ripped off.

The best defense for now, I suppose, is to stay aware and greet any kind of invite with skepticism.

--Bill Brenner


