I've always thought Facebook was a stupid place to play video games. Now, it seems, there's a social engineering risk.
As Graham Cluley at Sophos notes in the Naked Security blog, a scam claiming that you can play Mario Kart on Facebook has spread between a lot of users.
The would-be victims of this bit of social engineering see something that looks like this:
Play Mario Kart on Facebook!
[LINK]Play Mario Kart on Facebook with your Friends! Join the multiplayer mayhem NOW! Click here to play
Click the link and you get a webpage urging you to join the game.
"Unfortunately as soon as you press "Play Now" you'll not find yourself in the middle of a fast-moving road race with all your favourite Nintendo characters, but instead urged to complete an online survey or competition," Cluley says. "Unfortunately, Facebook's built-in security systems don't appear to be blocking this scam at this time - giving it plenty of breathing space to trick as many users as possible into taking the online competitions. And, of course, the more traffic the scammers send to the online surveys and puzzles, the more commission they earn. And the more spam Facebook users find filling up their walls and inboxes."
We've written much in recent months about these Facebook-based scams. We keep writing about them because people keep falling for them.
In my view, playing games on Facebook has always been more trouble than it's worth. There are the non-security reasons: I tired of seeing everyone's Farmville status updates, for example. But at the ShmooCon security conference last year, the social engineering dangers of such games were made plain.
In a February 2010 talk called "Social Zombies II: Your Friends Need More Brains," security practitioners Tom Eston, Kevin Johnson and Robin Wood explained how these applications are susceptible to malware pushers and those looking to steal your personal information. It's not much of a stretch for hackers to impersonate people you think are trusted, fellow players, as is the case with a lot of online gaming.
I don't look down on people who enjoy these games. That would be hypocritical of me, since I have my own social engineering vices, especially the Spotify music-sharing program. It's only a matter of time before the social engineering schemes start targeting something like that.
It just goes to show that the more functionality we get in the Facebook world, the more we open ourselves to getting ripped off.
The best defense for now, I suppose, is to stay aware and greet any kind of invite with skepticism.