Survey Scam

Hurricane Irene clickjacking scam on Facebook

Hurricane Irene

States in the USA, such as Vermont and New Jersey, are continuing to deal with heavy flooding in the aftermath of Hurricane Irene.

And we weren’t surprised to find internet scammers attempting to profit from other people’s misery.

For instance, here is a clickjacking scam which at the time of writing is still active on Facebook.

Hurricane Irene Facebook clickjacking scam

This Facebook page reads:

VIDEO SHOCK - Hurricane Irene New York kills All

All? Hmm.. that would be a rather fanciful claim even for the most sensationalist tabloid report. But maybe it will be enough to make you click further.

Hurricane Irene Facebook clickjacking scam

BAM! Too late. You’ve been clickjacked. Even before you’ve had a chance to notice that the page is suddenly talking to you in Italian, the webpage has taken your click onto what you thought was the video’s play button and secretly behind-the-scenes tricked you into saying you “Like” the page – thus promoting it to your online Facebook friends.

If you were running an add-on like NoScript for Firefox you would have been protected by a warning message:

Hurricane Irene Facebook clickjacking scam intercepted by NoScript

But let’s imagine that you weren’t protected. What happens next?

Hurricane Irene Facebook clickjacking scam

The page insists that you share the link to the Facebook page, presumably in an attempt to increase its viral spread. So far things don’t seem to be working well for the scammers – as only 12 people have said they “Like” the page (and one of those is my test account). Maybe folks are suspicious about a claim that Hurricane Irene has killed *everyone* in New York.

Hurricane Irene Facebook clickjacking scam

You’re still keen to watch the video, of course, but first the scammers want you to take an online survey – which not only asks you for personal information but also can earn them commission.

If you are hit by a scam like this you should remove the page from the list of pages that your Facebook profile likes..

Unlike Hurricane Irene Facebook clickjacking scam

..and remove it from your newsfeed, reporting it as spam to Facebook.

Remove Hurricane Irene Facebook clickjacking scam

The good news is that this particular scam hasn’t become widespread, but many others do.

If you’re a Facebook user and want to keep up on the latest threats and security news I would recommend you join the Sophos Facebook page – where more than 100,000 people regularly discuss the latest attacks.

Your Facebook Profile Stalkers exposed? No, it’s a rogue application spreading virally

Messages are spreading rapidly on Facebook claiming to reveal a way to find out who has been secretly viewing your profile.

Here are a couple of examples:

Profile stalkers on Facebook

Brilliant!! Now u can see all your profile stalkers! --> [LINK]

and

Profile stalkers on Facebook

WOW!! I can't believe that you can see whose viewing your profile. I've just seen my top 10 profile peekers and I'm shocked on whose Viewing my Profile. You can also see whose viewing your FACEBOOK PROFILE HERE: [LINK]

Clicking on the links takes you to a splash screen for a rogue application, where the promise of discovering who has been viewing your Facebook profile is used to fool you into giving a third-party application permission to access your account.

Profile stalkers on Facebook

Want to see who views your Facebook profile?

This is amazing!

Now you can see who is viewing your profile and find out how many profile views you got. Just use our application and press button below and then Allow to analyze your Facebook profile!

Obviously you shouldn’t grant permission on the following screen for the application to access your Facebook profile, but an alarming number of users appear to have no qualms about exposing their confidential information and degrading their security in this way.

Profile stalkers on Facebook

The problem is that this isn’t a legitimate application request. A rogue application wants access to your account so it can spread the messages and its link even further, spreading the campaign virally across the social network. The goal? To earn money by driving traffic to an online survey.

Profile stalkers on Facebook

Notice that the survey presents itself in a convincing Facebook style, which may trick some users into believing that it is legitimate.

If you’ve been affected by this scam, you should clean up your account before any further damage is done.

I’ve made a YouTube video where I show you how to clean-up your Facebook account if you were hit by this, or similar scams on Facebook:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

Make sure that you stay informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos Facebook page, where more than 100,000 people regularly share information on threats and discuss the latest security news.

You could also do a lot worse than check out our best practices for better privacy and security on Facebook guide.

This g1rl must be Out of her Mind – Facebook scam spreading quickly

In a continuance of a trend we have been seeing the last few weeks, a new Facebook scam using a sexually suggestive thumbnail is spreading like wildfire.

Facebook g1rl out of her mind scam

The scam is currently spreading on people’s walls using the title “This g1rl must be Out of her Mind but also a Genious for making This v1deo! – After they took her life away she decided to do genious revenge!” and “This woman must be really nuts but also a Genious for making This video! – They decided to ruin her life but she decided to hit them back!”

Since Facebook implemented their partnership with Web of Trust back in March, it appears the con artists are changing their URLs more frequently to prevent WoT from detecting the threat and warning users.

In the past 90 minutes, I have seen this scam use youpube-dot-info, youmube-dot-info and http://www.grimvh-dot-info. These URLs will likely be dormant by the time you read this and replaced with another set pointing at identical scams.
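The following is an added example, not code from the original post or from Sophos. It shows how a defender could triage rotating scam domains like the ones quoted above by measuring how close each name is to a well-known brand. The brand list, the distance threshold and the function names are assumptions made for this example.

```python
# Added example: flag hostnames whose first label is a near-miss of a known brand.
BRANDS = ("youtube", "facebook")  # assumption: brands worth protecting

def refang(host: str) -> str:
    """Turn the post's defanged form ('youpube-dot-info') into a bare hostname."""
    host = host.lower().strip()
    for scheme in ("http://", "https://"):
        if host.startswith(scheme):
            host = host[len(scheme):]
    host = host.split("/", 1)[0].replace("-dot-", ".")
    return host[4:] if host.startswith("www.") else host

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def lookalike_of(host: str, max_distance: int = 2):
    """Return the brand this host imitates, or None. An exact match is not a lookalike."""
    label = refang(host).split(".")[0]  # first label after any leading 'www.'
    for brand in BRANDS:
        if 0 < edit_distance(label, brand) <= max_distance:
            return brand
    return None

# Domains quoted in the post, kept in their defanged form.
SEEN = ["youpube-dot-info", "youmube-dot-info", "http://www.grimvh-dot-info"]

def triage(hosts):
    """Map each host to the brand it imitates (or None)."""
    return {h: lookalike_of(h) for h in hosts}

if __name__ == "__main__":
    for host, brand in triage(SEEN).items():
        print(f"{host:30} -> {brand or 'no brand match'}")
```

Two of the three quoted domains are flagged as one-character variations of "youtube"; the third carries no brand resemblance and passes, so name similarity can only supplement reputation checks against fast-rotating URLs.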

If you click on the post you are presented with the “Verify you are human” or “Are you older than 13 years of age? Click ‘Jaa’ button 2x to confirm and play video” popup screens. This leads you to a Facebook share dialog in Finnish where clicking “Jaa” means Share.

Fake age verification popup

If you click Jaa twice you are ultimately led to a survey where the fraudsters earn a commission for every user who succumbs to the temptation of seeing the sexy video.

If you are a Facebook user and want to stay on top of the latest threats, Like Sophos for the latest news. You can also follow Graham Cluley, Paul Ducklin and me on Twitter.

Ex girlfriend Facebook scams use shocking imagery, but spread quickly

It’s turning into quite a bad weekend for Facebook with chain letters, phishing attacks and now the promise of hardcore videos being used to spread scams virally across the social network.

The following messages are currently appearing very rapidly. We’ve had to obscure the thumbnails as many people will find them disturbing.

Ex girlfriend video scams on Facebook

Here’s what the messages typically say:

[Video] - This is what Happend to his Ex GirlFriend!
[LINK]
Play Video! She could not walk properly for days!

and

Look what he did after her Ex girlfriend posted on his wall
[LINK]
lol What true pain both are having at this moment.?

Of course, there are people out there who find such links too tempting to resist. Here’s what they’ll see when they click on the link.

Ex girlfriend video scams on Facebook

It’s the latest in a series of Facebook scams which ask you to click on the word “Jaa”.

The victims probably don’t realise that “Jaa” is Finnish for “Share”, and they’re helping the scam spread to their online Facebook friends. Typically such scams end up with you being taken to an online survey that will earn the scammer money.

Can I respectfully suggest that if you keep falling for scams like this, you try and get your kicks elsewhere on the internet? There’s plenty of photos and videos of naked ladies out on the web which you can peruse at your leisure, without the risk of flooding the newsfeeds of your Facebook friends.

I’ve informed Facebook Security about this latest fast-spreading family of scams. Let’s hope they can take swift and decisive action so their users are no longer at risk.

If you got hit by this scam, make sure you have removed the entries from your news feed (to stop them being shared amongst your friends) and check that your profile does not have any unwanted “Likes” under your “Likes and interests”.

If you use Facebook and want to get an early warning about the latest attacks, you should join the Sophos Facebook page where we have a thriving community of over 90,000 people.

Ryan Dunn’s last words lead to a Facebook scam

Ryan Dunn, a star of the TV show Jackass, died last week after a high speed car crash. And within hours, ghoulish scammers were taking advantage of the daredevil’s demise by claiming to have exclusive videos of the accident in links that spread via Facebook.

Ryan Dunn Crash Video [Exclusive]

Ryan Dunn Crash Video [Exclusive]
[LINK]

In addition, we have also seen bogus videos being promoted via viral links which claim to show Ryan Dunn’s last words.

Ryan Dunn's LAST WORDS - EXCLUSIVE!!

Ryan Dunn's LAST WORDS - EXCLUSIVE!!
[LINK]
WARNING: For mature audiences only.

Clicking on such links, however, is playing directly into the scammers’ hands. A bogus Facebook page appears, and you are tricked into “Sharing” the page with your Facebook friends in the belief that you are really passing an age verification process.

Ryan Dunn scam

Once you’ve helped the scammers spread their promotion across Facebook, you are tricked into taking an online survey which earns commission for whoever is the mastermind of the scam operation.

Survey scam

If you’re a fan of Ryan Dunn, it seems to me that the very last thing you should be doing is helping someone who is exploiting the TV star’s death make money.

If you got hit by this scam, make sure you have removed the entries from your news feed (to stop them being shared amongst your friends) and check that your profile does not have any unwanted “Likes” under your “Likes and interests”.

If you use Facebook and want to get an early warning about the latest attacks, you should join the Sophos Facebook page where we have a thriving community of over 90,000 people.