The Facebook Color Changer
Say goodbye to the boring blue profile and say hello to the new pink profile! An enticing scheme that lures users to malicious phishing sites, the Facebook Color Changer asks you to share it with your friends or watch a tutorial video, tricking you into clicking on an ad. At one point, it also offered a variety of colors. But what it really does is allow hackers to obtain access to your profile and spam your friends. Mobile devices could also be infected with the malware brought by the Facebook Color Changer, which offers users fake antivirus apps.
How to avoid: While Facebook constantly improves its security to address current threats, it's still better to do the tune-up yourself and know which apps to block. Beef up your security by changing your password regularly and deleting unnecessary apps. Do not trust third-party notifications and make sure you follow credible sources.
Who viewed your Facebook profile?
A clever and tempting scheme that would interest a lot of people, this Facebook scam appears as ads or as messages posted on your wall by your friend (accidental spam) that invite users to check who's viewing their profiles. Clicking on them instantly gives spammers access to your Facebook account and network, as well as possible access to the other people on your friends list.
How to avoid: Always be wary of suspicious links, messages and ads, however tempting they may be. Even if they're sent by your friends, don't fall for them unless you get first-hand verification of their legitimacy. After all, if Facebook really wanted its users to have this functionality, it shouldn't take a third-party app to enable it. All in all, it's still best to report this abuse and delete irrelevant links and messages to avoid any kind of malware download.
Outrageous and “Shocking!” NSFW (Not Safe For Work) videos Facebook scam
Scams that play on our curiosity are popular bait methods used by scammers and cybercriminals. Explicit videos with outlandish titles garner a lot of attention and often create a viral frenzy among unsuspecting netizens. Fake videos that come with NSFW labels actually point you to random surveys or fake websites that could harvest your personal information and harm not only your network, but your computer as well.
How to avoid: Before clicking on anything, be sure you know where it's coming from. Or better yet, don't click on them at all. As these videos become viral, so does the malware behind them. Even if some posts contain real videos, there could still be malware embedded, such as rootkits that are more difficult to remove even after you clean out or reload your computer. To be safe, run a scan with your security software to make sure your computer is clean.
Twitter instant followers
More followers, more likes, and more retweets allegedly lend more credibility to a user's online image. Whether you want to promote yourself or simply accumulate thousands of followers, using a service that promises this can compromise your security. Apps and services that offer instant followers compromise Twitter user accounts by making the user follow other users of the app and send out Twitter spam that advertises the app. Other spam-related problems could attack the user's account even from a one-time authorization.
How to avoid: Be cautious about giving unverified apps or services access to your Twitter account, or any other account, for that matter. Scammers behind malicious activities know exactly what you want based on the hacked intelligence they gathered from you. Be wary, in spite of yourself, of anything that promises quick or on-the-fly solutions. Additionally, before logging into your account, make sure that you're on the official Twitter website. Signing into a disguised log-in page is like giving cybercriminals your credentials on a silver platter.
Pinterest bogus pins
Normally, we wouldn’t think social networking sites like Pinterest would be bombarded by scammers. But in reality, cybercriminals are as interested in your pins as you are. Apart from using other apps and services, these online con artists entice users to click on bogus pins that direct them to fake surveys or other phishing websites. The pin could be anything from freebie ads to promotional schemes that appear to be from legitimate companies. Once you fall prey to this scam, your security will be instantly compromised and the malicious code will start spamming your followers.
How to avoid: Think twice before you open notifications from your email or from your Pinterest account. Always check sources and be careful when viewing pins and boards. Report incidents at once and block suspicious users. Change your password if you think you’ve been compromised and bookmark the real Pinterest website (https://www.pinterest.com/) to avoid visiting counterfeit ones.
TrendLabs is the global R&D centre of information security vendor Trend Micro.