May: Scams and Viruses on Facebook and Other Security Issues

LOL Trojan Is “laughing” at the Facebook Messaging Service

Malwarebytes  is warning FB users to beware of a new scam and trojan called the “LOL” malware.  It’s a message that appears to be from one of your FB friends with a photo file attached named “IMG_xxxx.zip”.  Clicking on it allows a Facebook user’s data and login credentials to be accessed.

What to  look for…

Messages like “LOL” or “I can’t beleive someone posted this” or “OMG, have a look at this” catch users off-guard. After downloading and unzipping the jar file named IMG_xxxx.zip, the malware executes and infects your system.The jar (or Java)file itself is the agent that actually downloads a pre-defined file from a select DropBox account. This is the file that infects the user’s machine. In the background, messages are being sent to the rest of the FB user’s friends’ accounts.

This sort of attack works because it goes through several steps to evade detection and to trick the user into trusting and opening. Once on your computer it further escapes detection by injecting itself (injection attack) into a legitimate process running on your computer.

How to protect yourself

Change your Facebook password if you receive one of these and delete the message.  Then notify Facebook and your friendson a wall post.

Inside That Postal Stamp Kiosk May Be A Scam

It looks as if a fraudster gang is installing skimmers on postal vending machines across the US.  The Banking industry started issuing reports earlier this month of fraudulent activity on debit cards used on postal vending machines such as stamp dispensers.  According to the USPIS, the following warning has been urged to customers using the machines:

“USPIS recommends customers who use the APC machine should personally visually inspect the machine prior to use,” the USPIS said. “Look for any type of plastic piece that looks like it has been slid over the actual credit card reader. Look for any other type of marking on the machine that looks as though it has been applied by a third-party.”

Krebs on Security had this to advise on protecting yourself when using these vending machines:

One way to protect yourself against this type of fraud is to use a credit card in lieu of a debit card whenever possible. With a credit card, your liability is maxed out at $50 in the case of fraudulent transactions. Things get more complicated with debit cards. Although many banks also will observe the $50 limit on debit card fraud, customers could be facing losses of up to $500 if they wait more than two business days after learning about the fraud to report it. Also, while your bank is straightening out the situation, any cash you may be missing could be held in limbo, and other checks you have drawn on the account may bounce in the meantime if the fraudsters manage to clean out your checking account.

In addition, it’s a good idea to cover the PIN pad when you’re entering your PIN. Doing so effectively prevents thieves from stealing your PIN in cases where a hidden camera is present.

Speak Your Mind

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.