Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Facebook timeline scams prey on wishful thinking

If you're not a fan of Facebook's new Timeline, you're not alone. In a CIO.com poll of more than 600 people, 87 percent responded that they dislike the new profile design.

Unfortunately for them--and contrary to Facebook Pages and Groups popping up--there's no hitting the rewind button to revert to the old profile.

Since Timeline rolled out to the public in December, and the backlash that ensued over yet another Facebook change, scammers and spammers have been busy creating bogus Facebook Pages and Groups claiming to give you instructions on how to get your old profile back.

These pages, which you can find easily by searching Facebook for the keyword "Timeline," have attracted tens of thousands of people. They are generally entitled "Deactivate Facebook Timeline on your Profile" or "Deactivate Your FB Timeline" and are found under app, public figure, community, cause, website and organization categories.

They also have a number of characteristics in common: Most request that you "Like" its page before it reveals how to receive your old profile design, then it instructs you to click a cluster of "Like" buttons and a "Share" button; select a state or country; and choose friends to invite to the application or group.

Michael Sutton, vice president of security research at Zscaler ThreatLabZ, says that these scams are typical. Scammers, he says, aren't usually looking for information, rather they're "social engineering" users into performing acts that further the scam, ultimately earning the scammer a few cents.

There are two parts to this specific scam, Sutton says. The first falls under the aforementioned propagation category, in which the scams convince victims to "Like" its Facebook page, then posts a link to it in the users' News Feeds and potentially sends a link to users' friends via Facebook chat.

The second part is the pay-per-action scam, in which the page ends with asking the user to take a survey, for which the scammer will earn a few cents.

"If [the scammers] can convince thousands of Facebook users to participate, such a scam can become a lucrative venture," Sutton says. "The scams often leverage current events or popular Facebook topics in order to draw the attention of potential victims."

Facebook, which generally does issue a warning or clarification regarding rampant scams or spammy memes, has not yet addressed these groups claiming to get your old profile back.

[Want more tips, tricks and details on Facebook privacy? Check out CIO.com's Facebook Bible.]

Generally, though, Facebook's official Facebook page and its official security page are two good resources to check if you're unsure about whether or not a page or meme is legitimate. On these pages, Facebook will post information about new security features, tips and setting rumors straight.

As a general recommendation, Sutton says to avoid "Like" or "Share" buttons on sites or in links that are sent to you, even from Facebook friends, since their profiles could have been already compromised. You can also download Zscaler's free Likejacking protection plugin.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Facebook, Zscaler
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Facebook, internet, Internet-based applications and services, security, social networking
Latest Blog Posts
Whitepapers
  • HP Security Action Plan for Enterprise Printing and Imaging
    Security is a part of how we work. When you walk through the front door of your office every morning, you probably pass a level of security. At your desk, it’s likely you log in to your computer and access files over a secure server. From security badges and ID cards to network firewalls and software security, it may seem like your organisation has taken every measure to protect its property, people and data. This action plan outlines a step-by-step approach to help you develop a plan that improves the security of your printing and imaging environment and boosts your business.
    Learn more »
  • CSO Security Buyers Guide 2011
    Welcome to the 2011 /2012 CSO Security Buyers Guide CSO is keeping security professionals ahead of the evolving threats and challenges to their businesses. This resource for security professionals assists you in finding leading IT security vendors by their products and solutions. Happy Browsing! The 2011 CSO Buyers Guide team
    Learn more »
  • Information Security Policies, Standards and Procedure
    As a result of the adjustments in the way business is conducted, ownership of information does not carry the same clear accountability it once did. Physical and behavioural boundaries used to exist around information management but these can be missing in the modern workplace. Clearly thought-out information security policies, standards and procedures addressing internationally supported standards, will go a long way to addressing the risk exposure these changes have created. In this third paper, “Policies, Standards and Procedures,” we discuss guidelines for effective information security management.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.