In addition to the run-of-the-mill scams you find all over the Internet, there are several scams that target social networking
sites and Facebook users. These include Gaming App scams, Vanity scams, Facebook account thieves, Malicious script
scams, and Clickjackers.
Avoiding gaming scams
When we talk about gaming App scams, we don’t mean you’ll be scammed by the App companies. They’re actually as
much of a victim as the Facebook users who fall for the scams. If you’re an online gamer you already know you have to be
careful not to fall for gaming scams. You already see offers for “cheats” and “hacks.” A lot of these things that promise to
turn you into a great gamer are really designed to steal your personal information.
Many phishing scams pretend to come from popular gaming sites. The danger isn’t using known third-party apps like
Frontierville—it’s falling for phishers pretending to offer you game points or clues. The common scams offer prizes like free
virtual objects. Other lures claim that your account has been suspended and provide a link for you to remedy the problem.
Some of these scams will arrive on your Wall, but a lot will go directly to your email. Why? Numbers. Farmville has over
16 million players. Any spammer hitting a large email list with a phishing lure is bound to net a good number of Farmville
players simply because there are so many Farmville players.
You may also see Wall postings like the previous one. Click on the link and you’ll be directed to a fake Facebook login
page. If you log into the fake page, you’re giving your Facebook password directly to the scammer. How can you tell this is
a phishing scam? Facebook will never direct you to the homescreen once you are logged in.
Facebook will never direct you to the homescreen once you are logged in.
This scammer also used a link shortening service for the above attack. While link shortening services are very helpful
because they simplify very long URLs, the downside is that you may not know where they point to until you click. Use extra
caution when clicking on these short links.
Avoiding Facebook account thieves
When Facebook accounts are stolen, it’s usually because the victim was tricked into using a fake Facebook login screen.
So how do the scammers trick you? Scammers try to catch you off guard and hit you with the fake Facebook login WHILE
you’re actually using Facebook. The scammer might post a status update on your Wall that includes a link to something
enticing. They might do this using an account they’ve stolen from one of your Friends so they gain your trust. The message
will be something that will grab your attention. It might be scandalous photos, a sneak preview of a hot upcoming film, or
a weird video. When you click on the link, you’re asked to log into Facebook again. Except that you’re not on Facebook
anymore. The link actually takes you to a different website, so when you re-enter your Facebook login credentials, you’re
handing them over to a scammer.
Unlike the insanely horrible email scams written in poor English by scammers, most of the fake Facebook login screens are
pretty believable.
This fake log-in screen above is recognizable because of the missing “e” in “Facbook” on the address bar. That’s a wellthought
scam since most people automatically insert missing vowels while reading without even realizing it.
How do you avoid subtle scams like this one? Remember that Facebook will never contact you by sending you a Facebook
message or posting a status message on your Wall. And, ALWAYS, look carefully at both the link in the address bar and
links you click. If it looks suspicious—DON’T CLICK. If Facebook does contact you, it will be via the regular email
account that you provided when you opened your Facebook account.
Always look at the link and DON’T click on it if it looks suspicious.
Also, remember that Facebook only needs you to log in once each session. If you’re asked to log in again—it’s NOT Facebook.
Avoiding malicious script scam
Malicious script scam is one of the sneakier attacks being used on Facebook users. A common con using this attack method
claims to allow you to see who’s been looking at your profile. This enticing scam tries to trick you into pasting text into your
browser address bar.
The “unique code” shown above is the malicious script. While you’re being patient as instructed, the script is setting up your
profile to spam all of your Friends.
In response to detecting these kind of attacks, Facebook added checks to help detect scripts being pasted into the address
bar. So if you do paste a script, Facebook will ask you to confirm that you really want to paste that script—and even tell you
why it’s a bad idea. Pay attention to these warnings.
Don’t paste a script into your browser address bar unless you know exactly what it does and how.
How do you avoid malicious script scam? Don’t paste a script into your browser address bar unless you know exactly what
it does and how. Also give your Friends a heads up if you start seeing spam from them. Your Friends may be completely
clueless that their Facebook accounts have been hacked. Let them know to change their passwords and how to recover a hacked account if needed. (Read on to learn how to recover a hacked account.)
 This fake log-in screen above is recognizable because of the missing “e” in “Facbook” on the address bar. That’s a wellthought
scam since most people automatically insert missing vowels while reading without even realizing it.
How do you avoid subtle scams like this one? Remember that Facebook will never contact you by sending you a Facebook
message or posting a status message on your Wall. And, ALWAYS, look carefully at both the link in the address bar and
links you click. If it looks suspicious—DON’T CLICK. If Facebook does contact you, it will be via the regular email
account that you provided when you opened your Facebook account.
Always look at the link and DON’T click on it if it looks suspicious.
Also, remember that Facebook only needs you to log in once each session. If you’re asked to log in again—it’s NOT Facebook.
Avoiding malicious script scam
Malicious script scam is one of the sneakier attacks being used on Facebook users. A common con using this attack method
claims to allow you to see who’s been looking at your profile. This enticing scam tries to trick you into pasting text into your
browser address bar.
The “unique code” shown above is the malicious script. While you’re being patient as instructed, the script is setting up your
profile to spam all of your Friends.
In response to detecting these kind of attacks, Facebook added checks to help detect scripts being pasted into the address
bar. So if you do paste a script, Facebook will ask you to confirm that you really want to paste that script—and even tell you
why it’s a bad idea. Pay attention to these warnings.
Don’t paste a script into your browser address bar unless you know exactly what it does and how.
How do you avoid malicious script scam? Don’t paste a script into your browser address bar unless you know exactly what
it does and how. Also give your Friends a heads up if you start seeing spam from them. Your Friends may be completely
clueless that their Facebook accounts have been hacked. Let them know to change their passwords and how to recover a hacked account if needed. (Read on to learn how to recover a hacked account.)