Facebook Traps

Security Awareness
17 November 2023
Facebook headquarters

Recognising Facebook hoaxes is the first step to shutting the door on hackers

A paid Facebook: yes or no?

This is the issue that has been discussed in recent weeks on the famous social network.
In fact, many users of the platform have posted a strange text in which, in somewhat inaccurate and ungrammatical Italian, they have declared that they do not accept the new subscription conditions of €4.99 per month and that they do not authorise any transfer of data to Meta.

This is the text of the post

I'm deactivating too! So now they are doing it, only just announced on Channel 4 News. Facebook will start charging all users from Monday. You can opt out by doing this. Hold your finger on this message and copy it. It cannot be shared. I do not give Facebook permission to charge my account $4.99 per month, also; all my photos are my property and NOT Facebook's!!!

Yet another chain letter

The circulation of this alert has obviously triggered a debate and caused concern. But it was a useless waste of time and energy, because the report was a hoax, a chain letter to which many, even unexpected, people succumbed.

Luckily, in this case it was a fairly harmless event, because even if one followed the instructions of the hoax post, i.e. copying and pasting the text on one’s profile, no personal data theft or other unpleasant consequences ensued.
However, the question we must ask is: how many have done it?

Too many still fell for it

Unfortunately, the answer is not encouraging. It shows that a large proportion of users do not understand many of the dynamics of the platforms they use every day, and that too many still react instinctively when faced with the most trivial of pitfalls.

It would be enough to look less superficially at an ungrammatical post that does not make much sense and, before taking any action, reflect for a few minutes and perhaps do a quick web search. But, unfortunately, in certain situations it is as if our rational mind switches off, and we enter a response mode driven by the autopilot of the emotions. This is exactly what not to do.

Indeed, it may even be the case that the intentions of those who initiate these chain letters are actually to identify users who easily fall into this kind of trap and then reserve more serious scams for them.

In fact, scams on Facebook and other Meta platforms can be much trickier and bring nasty surprises from which it is then difficult to recover. For example, they may lead to the inability to access one’s channel, loss of data or the hacking of accounts by miscreants who can then log in to profiles and become administrators. This means, for example, that they can also initiate paid campaigns without any action on the part of the real managers.

Recognising scams is not difficult

There is cause for concern, but the good news is that recognising these scam attempts is not difficult: you just have to be a little careful.

To begin with, these alerts usually come from accounts or pages with strange names (Meta Business Suite 2355, Business Security, Security page, or names written in special characters) or which arouse suspicion for other reasons, e.g. very few followers/friends, descriptions that have nothing to do with the name, photos unrelated to the topic, shortened referral links such as tiny.url or bit.ly, or otherwise strange and suspicious links.

Therefore, just doing a quick check on the account name can be revealing and lead us to refrain from pursuing any kind of action, because we can ascertain that Meta is definitely not the one sending us the warning.

Finally, it is important to know that Meta never contacts users by tagging or mentioning them. Not even by private message, unless we ourselves made a request for assistance. So any warning of a blocked or hacked account that arrives via tag or mention or private message is definitely a scam.
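The warning signs listed above can be turned into a simple triage check for a shared inbox or page-moderation queue. The following is an added example, not part of the original article: the alert field names, the follower threshold and the sample alerts are assumptions made for illustration.

```python
import re
import unicodedata
from urllib.parse import urlparse

SHORTENERS = {"bit.ly", "tiny.url"}  # link shorteners named in the article
OFFICIAL_WORDS = re.compile(r"\b(meta|business|security)\b", re.I)  # from its name examples
UNSOLICITED = {"tag", "mention", "private_message"}
MIN_FOLLOWERS = 50  # assumed threshold, adjust for your audience
URL_RE = re.compile(r"https?://\S+", re.I)

def link_hosts(text):
    """Lower-cased host of every URL in the text, without a leading 'www.'."""
    hosts = []
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        hosts.append(host[4:] if host.startswith("www.") else host)
    return hosts

def red_flags(alert):
    """Return the article's warning signs that apply to one alert (a dict)."""
    flags = []
    name = alert["sender_name"]
    # NFKC maps stylised Unicode letters (bold, fullwidth, ...) back to plain ones.
    folded = unicodedata.normalize("NFKC", name)
    if folded != name and folded.isascii():
        flags.append("name written in special characters")
    if OFFICIAL_WORDS.search(folded):
        flags.append("official-sounding account name")
    if alert["followers"] < MIN_FOLLOWERS:
        flags.append("very few followers")
    if any(h in SHORTENERS for h in link_hosts(alert["text"])):
        flags.append("shortened link")
    if alert["channel"] in UNSOLICITED and not alert.get("support_requested", False):
        flags.append("unsolicited tag, mention or private message")
    return flags

# Constructed sample alerts (hypothetical field names, not real accounts or messages).
SAMPLES = [
    {"sender_name": "Meta Business Suite 2355", "followers": 12, "channel": "mention",
     "text": "Your page will be disabled. Verify here: https://bit.ly/xyz"},
    {"sender_name": "\U0001D40C\U0001D41E\U0001D42D\U0001D41A Security", "followers": 3000,
     "channel": "private_message", "text": "Your account has been blocked."},
    {"sender_name": "Anna Rossi", "followers": 340, "channel": "comment",
     "text": "Nice photo! https://www.example.org/album"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["sender_name"], "->", red_flags(sample))
```

An alert with the last flag set is a scam regardless of the others, since Meta does not contact users that way unless they asked for assistance.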

High-quality training is the best protection

The episode in recent weeks could therefore not fail to attract the attention of those who take an interest in computer security, even if it was the circulation of an apparently harmless post.

The fact that many people superficially performed an action on Facebook without first analysing what they were doing means that there is still a lot to be done on the training front, because the human factor continues to be the weakest link in the entire security chain.

Hackers can exploit multiple access points: our emails, corporate channels, but also our personal social media profiles and those of our customers. And most of the time it is we ourselves who open the door for them, giving them access to our lives and our professional and business activities.

The best security therefore remains quality, continuous, up-to-date training that is tailored to each individual user and his or her level of preparation.

No protection or antivirus software can match a correct and consolidated digital posture, because any hacker will realise that he has a barred door in front of him and will go and try to do damage elsewhere.
