Yet again, a relatively new scam has hit Facebook, and I've also seen similar activities on LinkedIn and other social media platforms recently.

The new "coined" term given to this type of attack is a "Magnet scam".   Here's how it works:

How it works?

  1. A malicious post is put up on facebook, with 20 friends tagged.
  2. Most of the time, the post is a video that is specifically designed to lure people to click on it.
  3. The video can change from post to post, but the number of friends tagged is typically always 20.
  4. Once a victim clicks on the link in the post, they are prompted to update flash player, or some other software so they can view the video.
  5. The "update" is the actual virus that users are installing, and once installed, it takes over the device, and installs other malware.
  6. That malware then propagates the scam/virus by posting a link on the victims facebook page, and tagging 20 of their friends.

spywareWhy this is so effective?

This type of scam / virus is very effective because it's typically one of your friends or a very trusted colleague that appear to have posted the video on their facebook or LinkedIn account.  And why would your friend or business professional be posting viruses right?   So victims perpetuate the virus unknowingly to them by clicking on the posts and installing the "update".   Since social media is such a face paced platform, before you even realize what happened, others have already opened the post you appear to have made, and the cycle continues.

Why would people do this?

I get asked this question very often.   Why would people create these viruses, what's the point?  It all boils down to one thing.   Money.   Viruses like this are BIG BUSINESS.   See, they don't just infect your computer so you can then infect other computers.  The reinfection is just the way the virus can propagate itself.

Here's how money can be made with viruses.

  1. Create a botnet and sell it to the highest bidder: A bot net is basically a group of infected computers that the hacker has control over.   He can sell that control to the highest bidder, and those computers can be used to prepare a cyber attack against another target or company.
  2. Scan the infected computer for information: Once a computer is infected, the attacker, can put spyware on the system, recording everything you type from passwords to credit card numbers, etc.   This information can then be sold to the highest bidder, or used to drain your bank account, perform credit card fraud, or even steal your identity.
  3. Email Spam: Some attackers have been using infected computers to send out spam email.  Hundreds of thousands of spam emails are sent using this method.   If even .001 percent of spam messages generate income for the attacker (someone clicks on a spam email's links and purchases something... .yes it does happen), this can generate millions in revenue for the hacker.

So what can you do about it?

There's been a lot of talk about what to do to protect yourself online.  And the information can get quite overwhelming, but there are a few key things that will go a long way to protect you and your company.    There are obvious ones such as Antivirus, and Antimalware, and those are effective to a degree, however having just an Antivirus isn't enough anymore to properly protect you.

  • Antivirus:   Yes, have one, keep it up to date, enough said!  🙂
  • Windows updates: Keeping your computer's software up to date is EXTREMELY important.   Most viruses take advantage of security flaws in computer systems, that have long been fixed through updates.  However if those updates are not being installed regularly, your putting yourself at risk.   An Antivirus is useless if you don't have all your updates installed.
  • 3rd Party Software Updates: Some time ago, a computers biggest weakness was Windows, however Microsoft has come a long way in releasing updates, and pushing those updates out to their OS.   Today, I would say that the biggest security flaws are no longer windows, but the tools you use every day such as Adobe, Java, Flash, etc.   These tools are also vulnerable to flaws, and the software developers, release updates for those too.   Unfortunately these updates tend to be forgotten or missed.
  • Web Filter: Having a web filter in place will prevent your computer from ever loading most websites that are known to be malicious.   In fact, a good web filter will even prevent the type of attack described above.
  • Restrict Access: If you login to your computer as an administrator, then viruses have free reign on your computer, as the virus will have the same level of access as you do.   Try and restrict yourself to using a standard user account, and if you need to do anything administratively, you can always "switch profiles" to perform the install or update, and then switch back to your non-administrative account.

These are but a few of the things you can do to protect yourself online.   Remember, always be diligent, and make sure before you enter any confidential into your computer that you are sure you computer is not infected with a virus, and that the website you think you are on, really is the website you are on (check the address bar, don't assume because the site looks the same, that you are in the right place)

Want to stay cyber safe, but feel like it's too overwhelming?

Give us a call at 905-346-4966.  Not only can we provide you with a free no obligation Security Assessment for your business, so you can be 100% sure you are currently protected, but we also offer a very affordable security bundle called Business Security Pus that puts into place many security systems for your business that you should have to protect yourself online.

Stay Cyber Safe,

Bryan Lachapelle
B4 Networks Inc.