Facebook Scams - Applications on Third-Party Websites

Applications on Third-Party Websites

There are many legitimate Facebook applications out there that are hosted on third-party websites. However, there are many out there on third-party websites that are there to either steal your log-in information or infect your computer with one or more viruses.

Facebook Connect :

Legitimate applications hosted on third-party websites will use something called Facebook Connect to link their site to your profile so that they can work correctly. How this works is when you visit the site, a pop-up comes up telling you that the site requires you to connect to Facebook. When you click the button at the bottom of the pop-up, a separate window opens up with a log-in form. Once you enter your information and submit it, the application is now linked to your profile and you can now use it on the third-party website.

Stealing Your Log-in Information :

''Facebook Connect
If the third-party website legitimately uses Facebook Connect, you should see the pop-up below:

After clicking on the button to log-in, you should see a separate window pop up, like this:

If the log-in form is on the same page or if the new window that pops up does not belong to Facebook, do not enter your information. If you do, your account will be hacked.

In order to steal your log-in information, illegitimate applications on third-party website will do one of several things.''

The first thing they may do is redirect you to a page that looks exactly like the Facebook log-in page, but is actually owned by the attacker’s website. If you enter your information into that log-in form and submit it, the attackers will now have your information, with which they can hack your account and spam your friends. See the article on phishing for more information.

The next two things they may try both involve faking the use of Facebook Connect. The first way would be to claim that a log-in form on their page is the Facebook Connect log-in form, and that you need to enter your information there to connect the site to your Facebook profile. However, just like the fake Facebook log-in page, if you enter your information there, they will be able to hack your profile.

The second way of faking Facebook Connect would be to open a log-in form in a separate window, but that window is actually owned by the separate website, not Facebook. Once again, if you enter your information there, they will have your e-mail and password and will be able to hack your account.
How do you protect yourself against these attempts to steal your account information? If you come across a Facebook log-in page, especially after clicking a link for an application on a third-party website, MAKE SURE the web page is owned by Facebook. You can do this by checking the URL of the page in the address bar. The key is that the word “facebook” MUST come DIRECTLY before “.com”. If it does not, such as in “www.facebook.example.com”, then the website you are entering your information into isn’t Facebook, it’s example.com. When in doubt, use a bookmark or just type “facebook.com” into your browser.

By bookmarking Facebook's log-in page, you will always have a safe page to enter your log-in information into. To ensure you don't enter your information on fake log-in pages, follow these steps:

1. Navigate to Facebook's Log-in Page - Type "www.facebook.com" in your browser.
2. Bookmark the Page - Different browsers have different terminology for this, but most either say something along the lines of "Bookmark this Page" or "Add to Favorites".
3. Use it - If you ever come across a Facebook log-in page unexpectedly, just click on the bookmark you made in Step 2, which will bring you to the real log-in page, just to be sure.

As for attempts to fake Facebook Connect, keep two things in mind: the Facebook Connect log-in form MUST open up in a new window, and the new window it opens up in MUST be owned by Facebook. If the log-in form doesn’t open up in a new window, DO NOT enter your information. If it does open up in a new window but the address in that new window doesn’t belong to Facebook (you can check it in the same way you check the fake Facebook log-in page), then once again, DO NOT enter your information.

Viruses :

Stealing your log-in information is bad enough, but some of these websites will try to get you to download malicious programs to your computer, infecting it with viruses. There are two common methods of doing this: claiming that the application requires a download, and tricking you into downloading something posing as a software update or anti-virus software.

Facebook provides application developers with more than enough tools for applications to work online. If applications required something to be downloaded, the application would only work for those who download it, which is a major inconvenience and would mean that the tools Facebook provides for application developers are basically pointless. The fact is that no legitimate applications require downloads, so you should NEVER trust anything that tells you something needs to be downloaded in order to make a Facebook application work. If you do download something like that, you’re probably downloading a virus, or at the very least a Trojan – a working program that comes along with a virus.

On some sites, various pop-ups will come up claiming that your computer is infected with viruses and needs a new anti-virus program, or that you need to download a new software update (which is exactly what the Koobface virus did). If pop-ups like this come up on your screen when you are on a website for an application, DO NOT download any of them, they are most likely viruses. If you think you may actually need a software update, go to the company’s website and get it from there. Don’t trust pop-ups on a questionable website.

Summary :

Some legitimate applications do reside on third-party websites, but many illegitimate applications do as well. Keep an eye out for attempts to steal your account information and infect your computer with viruses, especially if the application claims to do things like track visits to your profile, give you a dislike button, or anything else disproven on this website.

ItsArticles.Blogspot.Com