Facebook Attacks Feed Fraudulent Marketing Sites
A new study reveals that affiliate marketing sites are the final destination in three-fourths of all Facebook deceptions. Visitors to these sites are induced to fill out surveys that generate affiliate payments for the scammers, victimizing legitimate businesses that pay affiliate fees.
Commtouch, which provides cloud-based Internet security services, has published an in-depth analysis of 2011 Facebook attacks within its Internet Threats Trend Report, a year-end synopsis of Internet threats.
The report released Wednesday, Dec. 28, presents an analysis of scores of malicious Facebook activities during the past year, as identified by Commtouch Labs.[ Also Read: Facebook Users to Enjoy Websense Security ]
Users are induced to click on the scams through social engineering tactics such as free merchandise offers, celebrity news, new (fake) Facebook applications, or simply a trusted friend sending a message stating: “You have to see this!”
After users first click on the scams, malware or malicious scripts are to blame for the further spread of slightly over half the analyzed scams, with those falling into three main categories: likejacking, rogue applications, and malware or “self-XSS,” each of which is described in the report.[ Also Read: Seven Serious UX Flaws on Facebook ]
In 48% of the cases, it says, unwitting users themselves are responsible for distributing the undesirable content by clicking on “like” or “share” buttons.
“Facebook scammers are out to make money, and affiliate marketing is a rich source,” said Amir Lev, Commtouch’s chief technology officer. “The same social engineering techniques that malware distributors and spammers have been using for years to induce people to open their unwanted mail or click on malicious links are being leveraged within Facebook and other popular social networks for ill-gotten gains.”[ Also Read: Keep Your Friends Close and CIOs Closer ]
Besides Facebook threats, the report discusses Web threats, phishing, malware, and spam throughout the year. The content of the report, according to the company, is based on data from Commtouch’s GlobalView Network, which tracks and analyzes billions of Internet transactions daily.
The trend report describes the explosion of email-borne malware in the third quarter of 2011 to the highest levels observed in over two years, followed by its subsequent drop to earlier low levels during the fourth quarter.
While emails with attached malware subsided to a mere trickle, email messages with malware links hosted on compromised Web sites increased significantly, using themes like pizza delivery notifications and airline itineraries to trick recipients into clicking on the malicious links.