Protecting Yourself from Malicious Code
June 27, 2012
Jackie here, with AllClear ID. We’ve talked about clickjacking and likejacking here on the AllClear ID blog, but these aren’t the only potential dangers when using social media. Watch out for malicious code- which if pasted into your browser’s address bar can result in spam to your Facebook account and phony status updates.
Malicious code takes advantage of a browser’s security weaknesses. It starts out with spammers asking you to copy and paste a link or segment of text into your address bar. This then causes the browser to take action, resulting in fake status updates and spam.
What Can You Do?
As with most spam schemes, thinking before you click or paste can go a long way to keep you protected. Don’t paste suspicious-looking links or text into your address bar. Unknown web addresses or text could lead you to spam sites or could lead to your social media accounts being compromised.
Facebook is also working hard to protect you from this problem. Here is what they say about malicious code on their page Keeping You Safe from Scams and Spam, “We have been working hard to improve our systems that detect and block these types of attacks, as well as to educate people on what is causing their accounts to send spam. Now, when our systems detect that someone has pasted malicious code into the address bar, we will show a challenge to confirm that the person meant to do this as well as provide information on why it’s a bad idea. We are also working with the major browser companies to fix the underlying issue that allows spammers to do this. Internet Explorer 9 has already put some protections in place, and we are talking with others about providing similar protections.” Read more on Facebook here.
Another key way to protect your accounts: Keeping your browser up to date and installing the latest version when it becomes available.
When using social media you need to always be on the lookout. Be careful where you click, who you befriend and what you trust. Spammers, scammers and id thieves are ready to compromise your accounts and your identity.