I’ve been around for a very long time. Phishing is one of the oldest traits on the www, using shady methods to obtain user info. In recent weeks I have noticed a escalation in Malicious Facebook Applications. Although this has a positive side it also has a negative, the negative sometimes being your information is stolen through a fake app designed to scrape your personal information. Who would want your person information right? How about data providers… who else could find a way to monetize user information, why not sell it to marketers? Marketers need an audience even though sometimes they aren’t listening. Large repositories of information are always sold online to buyers who need an target audience or demographic.
The Facebook App hack seems to work like this:
- First you create a fake app through an account.
- Once the App is completed you deploy it from the compromised account
- A compromised account can be successfully harvested within 10 minutes at your local coffee shop
- With the compromised account create an attractive Wall post; Want To Know Who Is Stalking Your Profile? Install this App Find Out Who!
- Once a user installs the app, all there personal information has been scraped and possibly account hacked
This technique along with good bots can make quite the successful harvesting.
Make sure you don’t just install an App because your friend installed it and has a wall post promoting it. Make sure you know enough about any app before installing it.
Or else you will end up with lot’s of spam in your inbox and possibly your account suspended.