Malicious Color Scam in Facebook Returns
Want to make your Facebook profile look better? There are now many ways to do so, including third-party apps that promise to do the trick. Be advised, however, that using them is not always safe.
Cheetah Mobile, a security vendor, has warned all users of the popular social networking site that the so-called color scam is back. As expected, it has become nastier than ever.
The scam surfaced in the past and disappeared after it was exposed. Now it is back to victimize unsuspecting users online. It is not clear whether the people behind the current malicious software are the same as those behind past versions of the color scam.
How it works
How does the color scam on Facebook work? The program offers users the ability to change the color of their Facebook profiles in an instant, through a free download of a Facebook color changer app.
When users click through to the malicious site, they are led to a phishing site. Researchers have found that this is possible because of a common vulnerability that affects the app page of the social networking site itself.
The vulnerability allows hackers to implant malicious code and viruses in a Facebook-based app, so that users are redirected to the phishing websites. To date, Cheetah Mobile believes that this scam has already infected and affected up to 10,000 Facebook users from all over the world.
Resolving the issue
Based on the probe conducted by the security vendor, the phishing sites redirect users to other sites, which in turn can possibly steal their ‘access tokens.’ Users are asked to view what is called a color changer tutorial, which is supposed to be in the form of a video.
Once hackers obtain this temporary access, they could use the tokens and possibly connect with the users’ Facebook friends. If the user proceeds to view the tutorial video, he or she is asked to download what could be a malicious application.
The best thing to do if you think you have been victimized by this scam is to immediately change your Facebook password. You should also remove the app from your profile.