The scam: Don't be fooled by the name -- there's little to laugh about when it comes to the quickly spreading
Koobface virus. (The word, by the way, is an anagram of "Facebook.") Once the virus infects your PC, it starts sending messages or wall postings to your Facebook friends, directing them to a "hilarious video" or some "scandalous photos" of someone you both know.
"The link promises an enticing video, but when the user clicks, he is presented with a Web page with a fake Adobe Flash update or a fake codec that needs to be downloaded," explains Ryan Naraine, a security evangelist with Kaspersky Lab. "That download is malware."
The protection: Antivirus software can help keep you safe, but some common sense can also go a long way. "Be wary of any kind of direct URL in messages or postings," advises Jamz Yaneza, a threat research manager with
Trend Micro. If a site asks you to download a software update, Yaneza says, click Cancel and go directly to the vendor's page to see if the update is legit.
Scam #4: The phishing pond
The scam: Phishing, a favorite hacker tactic, has found new life at social networking sites. Scammers trick users into following links that open official-looking Facebook login prompts. If you enter your user name and password, the information is logged -- and your account is theirs.
Brandon Donaldson, a pastor at the
Lifechurch.tv Internet Campus, fell for the scam. Someone gained control of his Facebook account and started sending messages to his friends and followers, trying to persuade them to follow the same links and unwittingly give up their accounts, too.
"This was a pretty bad ordeal, since I regularly put video content up on the Web, and I use the Internet as a tool for many relationships," Donaldson says. "You build a certain social trust in these spaces, and you want to keep that trust without these kinds of incidents."
The protection: The previous plan also applies here: Watch where you click. Plus, if you're ever asked for your password midsession, don't enter it. Manually navigate back to the Facebook.com home page instead, and then log in there if need be.
Scam #5: The contrived community
The scam: Community enthusiasts, be cautioned: Facebook user groups can sometimes be cleverly disguised vehicles for marketing. And -- whether you realize it or not -- when you click the join link, you're effectively opting in.
Brad J. Ward was one of the first users to find such a scheme in action. Ward, then a member of Butler University's admissions department, discovered a Facebook group called "Butler Class of 2013." The only problem: The people behind it had nothing to do with Butler. After posting about the issue on his blog SquaredPeg.com, Ward soon learned that the names of nearly 400 other schools appeared in similarly suspicious groups, all created by the same small set of people.
"My initial reaction was that some company or person was essentially setting themselves up to be the administrator for hundreds of groups, which provides the opportunity to send out mass messages or to collect data," Ward says.
His instinct was right: The publisher of a college guidebook had set up the groups, seemingly with the goal of building a mass mailing list for marketing its products, Ward discovered.
"Was any of it illegal? Not necessarily," Ward points out. "But was it unethical, and could it be misconstrued as an official university presence? Yes."
Once exposed, the publishing company College Prowler
admitted its involvement and agreed to back out of the groups. Still, that's only one company. More than likely, countless others haven't been detected, and are actively using groups to gain the trust (and information) of unsuspecting users.
The protection: Be very selective in deciding what groups you join. If you aren't sure who runs a given Facebook community, or whether it's officially linked to the organization that it claims to be, don't accept the request. Your privacy is worth more than any membership.
The Web of trust
In the end, staying safe comes down to maintaining control of your information and carefully selecting with whom you share it -- because you never truly know who's on the other end of electronic communication. Recently, for example, a high school student in Wisconsin was
charged with 12 felonies after investigators say he posed as a girl on Facebook and tricked male classmates into sending him nude photos.
"An online version of the 'web of trust' is formed among users," notes Trend Micro's Yaneza. "Although this does work in the noncyberspace environment, the platform ... is really different when someone else is in charge of your medium."
It's easy to feel invulnerable while reading about such scams. The second you let your guard down, though, it's even easier to become the next victim. Just ask people who know Rubinstein, the IT pro who lost more than a grand to a Facebook scammer.
"Worse than losing the money, he realized how exposed you are in a social network," says Silveira, Rubinstein's friend. "We're exposing things now that are in many ways a lot more valuable than money."