The dangers behind this ‘harmless’ Facebook post

    Posted on July 8, 2020

     

    There is a post being shared round Facebook at the moment which not only seems harmless, it’s also seemingly helping people to promote their business websites.

    The post features the line “show me your website and make yourself visible” and then continues to explain that, in order to help people get more exposure for the businesses, they should paste links to their websites in the comments.

    The whole post looks like this:

    You’ll notice the post contains the text “You could copy this text onto your own page” so that other people know not to share it, but to copy and paste the text. That should be a red flag right there. Why? Why should the text be copied and pasted to someone’s own post?

    The reason is simple – if it is copied and pasted, it can be indexed and crawled – by Google, by other search engines and by ANY crawler programmed to do so. A quick Google search shows over 7,000 indexed Facebook statuses containing the same text.

    There will be more than that – Google won’t show all of them. A crawler coded to scrape that information will find more.

    So where’s the harm? Surely it’s just links to people’s websites? That’s a good thing, right?

    There are two immediate reasons why someone unscrupulous may want this information.

    Firstly, imagine you were a cold calling sales person, or perhaps an email marketer sending unsolicited emails, or maybe even a scammer wanting to send phishing emails to website owners. How could you get the names, locations and personal details of the people who owned the websites?

    Oh yes, that’s right. These 7,000+ posts we can see indexed in Google are all filled with lists of websites and contact names for the owners. They’re all right there for you to see. A simple scraper will pull that down into a spreadsheet or database for you, with domain names, contact names, and links to Facebook profiles. An automated program can then be used to scrape emails from the websites themselves and send phishing emails to those email addresses, mentioning by name the person who owns the website.

    Nasty.

    But there is a far worse use of this data.

    Many people, and that probably includes YOU, use the same passwords across different websites. Let’s assume there are 10 comments (website links) posted on each of these Facebook posts. Some have far more than that, so 10 is a very conservative estimate for the average. As few as 10 comments, across 7,000 posts, is 70,000 website links and the names of people who own them – with links to their Facebook profiles.

    Now, if we assume there hasn’t already been huge data leaks all over the internet already, with passwords being leaked that are tied to people’s email addresses (which of course there have been), the ability to link websites to people on Facebook represents a great opportunity for a hacker to crack two birds with one stone when hacking into a website’s admin area. The same login details would very likely apply for the person’s Facebook profile as well.

    Of course, there’s nothing wrong with sharing a link to your website on Facebook. There’s nothing wrong with posting Facebook posts encouraging people to share their website links. But do you really have to make it so easy for hackers as to copy and paste text that just slots into their scraper’s algorithm perfectly, allowing them to harvest the responses of everyone who comments?

    Write your own post. Do NOT copy and paste. It takes seconds, and eliminates the inherent dangers represented by these types of posts.

    Stay safe online.

    Like us on Facebook to see more posts like this

    >
    %d bloggers like this:

    We have worked with:

    TEL: 0345 621 4321