![\"image001\"](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/86\/2017\/03\/05192707\/image001.png\")
<\/a><\/p>\nAfter authorization the victim receives a request for a range of permissions from an unknown application. Among other this range can include automatic login, access to profile information, contact list and the list of e-mail addresses. By assigning these rights we open access to our personal information to cyber criminals.<\/p>\n
Then, unknown individuals secretly gather the information, presumably for fraudulent purposes. For example, they can use it to distribute spam or links leading to phishing or malicious sites<\/a>.<\/p>\n How it works?<\/strong><\/p>\n There is a useful but not perfectly secure protocol for authorization called OAuth, which allows users to open the limited access to their protected resources (contact lists, agenda and other personal information) without sharing their credentials. It is commonly used by applications for social networks if they need, e.g. access to users\u2019 contact lists.<\/p>\n As apps for social networks also use OAuth, your Facebook account is not in safety as well<\/a>. A malicious app can use access to user\u2019s account to send spam and malicious files, as well as phishing links.<\/p>\n 7 simple steps to avoiding Facebook #phishing<\/a> attempts \u2013 https:\/\/t.co\/Qj68bST6HQ<\/a> pic.twitter.com\/V6rinEa2jI<\/a><\/p>\n \u2014 Kaspersky (@kaspersky) April 24, 2015<\/a><\/p><\/blockquote>\n\n