Scam

Hurricane Irene clickjacking scam on Facebook

Hurricane Irene

States in the USA, such as Vermont and New Jersey, are continuing to deal with heavy flooding in the aftermath of Hurricane Irene.

And we weren’t surprised to find internet scammers attempting to profit from other people’s misery.

For instance, here is a clickjacking scam which at the time of writing is still active on Facebook.

Hurricane Irene Facebook clickjacking scam

This Facebook page reads:

VIDEO SHOCK - Hurricane Irene New York kills All

All? Hmm... that would be a rather fanciful claim even for the most sensationalist tabloid report. But maybe it will be enough to make you click further.

Hurricane Irene Facebook clickjacking scam

BAM! Too late. You’ve been clickjacked. Even before you’ve had a chance to notice that the page is suddenly talking to you in Italian, the webpage has taken your click onto what you thought was the video’s play button and secretly behind-the-scenes tricked you into saying you “Like” the page – thus promoting it to your online Facebook friends.
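The overlay trick above only works because the page carrying the real "Like" button lets itself be loaded inside someone else's frame. The following check, an added example that is not part of the original post, takes the response headers of a page together with its own origin and the origin of a would-be embedder (all sample values are constructed) and reports whether browsers would allow the framing, applying CSP `frame-ancestors` before `X-Frame-Options` as browsers do and treating invalid or obsolete values as no protection:

```python
from typing import Dict, List, Tuple


def _frame_ancestors(csp: str) -> List[str]:
    """Return the source list of a CSP frame-ancestors directive ([] if absent)."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return []


def _source_matches(source: str, embedder: str) -> bool:
    """Match one CSP source expression against an embedder origin like https://a.example."""
    if source == "*":
        return True
    if source.endswith(":"):                      # scheme-only source, e.g. "https:"
        return embedder.startswith(source + "//")
    if source.startswith("*."):                   # wildcard host, e.g. "*.partner.example"
        host = embedder.split("//", 1)[-1]
        return host.endswith(source[1:])
    return source == embedder


def framing_allowed(headers: Dict[str, str], page_origin: str, embedder: str) -> Tuple[bool, str]:
    """Decide whether a page served with these headers can be put in an <iframe>
    by `embedder`. Returns (allowed, reason). frame-ancestors wins over
    X-Frame-Options when both are present; an empty result means clickjackable."""
    lower = {k.lower(): v for k, v in headers.items()}
    page_origin, embedder = page_origin.lower(), embedder.lower()

    ancestors = _frame_ancestors(lower.get("content-security-policy", ""))
    if ancestors:
        if "'none'" in ancestors:
            return False, "CSP frame-ancestors 'none' forbids all framing"
        if "'self'" in ancestors and embedder == page_origin:
            return True, "CSP frame-ancestors 'self' permits same-origin framing"
        if any(_source_matches(s, embedder) for s in ancestors if not s.startswith("'")):
            return True, f"CSP frame-ancestors lists {embedder}"
        return False, f"CSP frame-ancestors does not list {embedder}"

    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False, "X-Frame-Options: DENY forbids all framing"
    if xfo == "SAMEORIGIN":
        if embedder == page_origin:
            return True, "X-Frame-Options: SAMEORIGIN permits same-origin framing"
        return False, "X-Frame-Options: SAMEORIGIN forbids cross-origin framing"
    if xfo:
        # ALLOW-FROM is obsolete and anything else is invalid; browsers ignore both.
        return True, f"X-Frame-Options value {xfo!r} is ignored by browsers: no protection"
    return True, "no X-Frame-Options or CSP frame-ancestors header: page can be framed"


if __name__ == "__main__":
    # Constructed sample: a site with no framing headers, embedded by a scam page.
    print(framing_allowed({}, "https://site.example", "https://scam.example"))
```

A value of `(True, ...)` for a cross-origin embedder means the page's buttons could be placed under a fake "play" control exactly as described above.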

If you were running an add-on like NoScript for Firefox you would have been protected by a warning message:

Hurricane Irene Facebook clickjacking scam intercepted by NoScript

But let’s imagine that you weren’t protected. What happens next?

Hurricane Irene Facebook clickjacking scam

The page insists that you share the link to the Facebook page, presumably in an attempt to increase its viral spread. So far things don’t seem to be working well for the scammers – as only 12 people have said they “Like” the page (and one of those is my test account). Maybe folks are suspicious about a claim that Hurricane Irene has killed *everyone* in New York.

Hurricane Irene Facebook clickjacking scam

You’re still keen to watch the video, of course, but first the scammers want you to take an online survey – which not only asks you for personal information but also can earn them commission.

If you are hit by a scam like this you should remove the page from the list of pages that your Facebook profile likes...

Unlike Hurricane Irene Facebook clickjacking scam

...and remove it from your newsfeed, reporting it as spam to Facebook.

Remove Hurricane Irene Facebook clickjacking scam

The good news is that this particular scam hasn’t become widespread, but many others have.

If you’re a Facebook user and want to keep up on the latest threats and security news I would recommend you join the Sophos Facebook page - where more than 100,000 people regularly discuss the latest attacks.

Facebook ‘Girls Must Be Watch Out Of Her mind’ photo-tagging scam – the lessons to learn

Naked Security readers have asked us once again to warn of a rapidly-spreading photo-tagging scam on Facebook, this time with the grammatically curious title This Girls Must Be Watch Out Of Her mind After Making This Video.

Here’s one wise Facebook user’s advice:

We first wrote about this sort of scam back in April. Just look at the Request for Permission dialog from a typical rogue application:

Let’s look at those permissions:

Access my basic information. That seems OK, since you’re agreeing to share information which you’ve shared already.

Post to my Wall. This lets an application act as if it were you. Think about this: it can post anything, about anyone, linking to anywhere, in your name. You are giving the application the right to offer statements and opinions on your behalf, without asking you. That’s an awful lot of power.

Access my data any time. Combined with the previous permission – to speak on your behalf – this is very close to giving the application a power of attorney over your Facebook account. Do you ever really want to do that?

Access my photos and videos. This effectively removes any privacy controls you enjoy over images of your personal life.

Now that Facebook has universally enabled its facial recognition service, whereby your friends can tag you in photos in which Facebook suggests you appear, photo-tagging has really taken off.

And a new way of abusing the abovementioned power of attorney is open to rogue Facebook applications: deliberately tagging you in images in which you don’t appear.

In this latest scam, which borrows a long-running prurient Facebook meme about “Girl must be out of her mind,” you appear to be tagged in a pornographic, or at least semi-pornographic, movie, which is then recommended to your friends.

Of course, this raises two questions about Facebook’s facial recognition. Firstly, now it’s universally enabled, why does it allow you to be tagged in photos in which you obviously don’t appear? (The April scam I linked to above tagged you in photos of food which contained nothing even vaguely resembling a human face.)

Secondly, is it really acceptable to allow tagging without the permission of the taggee? Back in March, we wrote about a judgment in the Kentucky courts which decided that the law does not require the taggee to be asked. But is that a good enough standard for Facebook to follow?

Facebook will notify you when a friend tags you, but I’d love to see that changed to a stricter default. You should be notified and be asked to approve the tag before it is accepted by the system.

Lastly – and this shouldn’t really need saying, but I shall say it anyway: DON’T APPROVE FACEBOOK APPS, TAKE SURVEYS, OR PROACTIVELY LIKE ANYTHING in return for access to a video.

If you really must see for yourself whether This Girls Must Be Watch Out Of Her mind After Making This Video, why don’t you just search for it on YouTube, thus sidestepping the Facebook scammers entirely?

Or learn a touch of restraint, because it goes a long way towards improving your security online. In short, THINK BEFORE YOU CLICK.

Your Facebook Profile Stalkers exposed? No, it’s a rogue application spreading virally

Messages are spreading rapidly on Facebook claiming to reveal a way to find out who has been secretly viewing your profile.

Here are a couple of examples:

Profile stalkers on Facebook

Brilliant!! Now u can see all your profile stalkers! --> [LINK]

and

Profile stalkers on Facebook

WOW!! I can't believe that you can see whose viewing your profile. I've just seen my top 10 profile peekers and I'm shocked on whose Viewing my Profile. You can also see whose viewing your FACEBOOK PROFILE HERE: [LINK]

Clicking on the links takes you to a splash screen for a rogue application. The promise of discovering who has been viewing your Facebook profile is the bait that fools you into granting a third-party application permission to access your account.

Profile stalkers on Facebook

Want to see who views your Facebook profile?

This is amazing!

Now you can see who is viewing your profile and find out how many profile views you got. Just use our application and press button below and then Allow to analyze your Facebook profile!

Obviously you shouldn’t grant permission on the following screen for the application to access your Facebook profile, but an alarming number of users appear to have no qualms about exposing their confidential information and degrading their security in this way.

Profile stalkers on Facebook

The problem is that this isn’t a legitimate application request. A rogue application wants access to your account so it can spread the messages and its link even further, spreading the campaign virally across the social network. The goal? To earn money by driving traffic to an online survey.

Profile stalkers on Facebook

Notice that the survey presents itself in a convincing Facebook style, which may trick some users into believing that it is legitimate.

If you’ve been affected by this scam, you should clean up your account before any further damage is done.

I’ve made a YouTube video where I show you how to clean up your Facebook account if you were hit by this, or similar scams on Facebook:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

Make sure that you stay informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos Facebook page, where more than 100,000 people regularly share information on threats and discuss the latest security news.

You could also do a lot worse than check out our best practices for better privacy and security on Facebook guide.

Does using Facebook put you at more risk elsewhere on the internet?

Trust

According to a recent article from the coolcats at Fast Company, “Digital Oxytocin: How Trust Keeps Facebook, Twitter Humming”, the Pew Research Center has shown that the more time you spend on the internet, especially social networks like Facebook and Twitter, the more trusting you become.

Not just on social networks, but everywhere – both online and in real life.

Now, the article is well worth a read, but for those of you short on time, here is the gist:

As the report put it, "The typical Internet user is more than twice as likely as others to feel that people can be trusted," with regular Facebook users the most trusting of all. "A Facebook user who uses the site multiple times per day is 43% more likely than other Internet users and more than three times as likely as non-Internet users to feel that most people can be trusted."

With 30% of the world estimated to be online – about 80% of North America and 60% of Europe – and more than half of these users belonging to some social networking site, an increase in trust could have major impacts on how people interact in the future.

Does this mean that social network users will eventually become a bunch of loved-up hippies? It is really difficult for me to imagine what I would be like if I shed my cynical armour.

I shouldn’t really worry: while I study social networks all the time, I am more of a voyeur than a player. Let’s be honest here – I find them really scary.

Many users of social networks seem completely addicted – they are on there all the time, recording every event of their lives. It just seems so intrusive to me… and compulsive. A recent Intel ad unintentionally sums it up well, and I guess I am not tempted to build a “Museum of Me”.

This g1rl must be Out of her Mind – Facebook scam spreading quickly

In a continuance of a trend we have been seeing the last few weeks, a new Facebook scam using a sexually suggestive thumbnail is spreading like wildfire.

Facebook g1rl out of her mind scam

The scam is currently spreading on people’s walls using the title “This g1rl must be Out of her Mind but also a Genious for making This v1deo! – After they took her life away she decided to do genious revenge!” and “This woman must be really nuts but also a Genious for making This video! – They decided to ruin her life but she decided to hit them back!”

Since Facebook implemented their partnership with Web of Trust back in March, it appears the con artists are changing their URLs more frequently to prevent WoT from detecting the threat and warning users.

In the past 90 minutes, I have seen this scam use youpube-dot-info, youmube-dot-info and http://www.grimvh-dot-info. These URLs will likely be dormant by the time you read this and replaced with another set pointing at identical scams.

If you click on the post you are presented with the “Verify you are human” or “Are you older than 13 years of age? Click ‘Jaa’ button 2x to confirm and play video” popup screens. This leads you to a Facebook share dialog in Finnish where clicking “Jaa” means Share.

Fake age verification popup

If you click Jaa twice you are ultimately led to a survey where the fraudsters earn a commission for every user who succumbs to the temptation of seeing the sexy video.

If you are a Facebook user and want to stay on top of the latest threats, Like Sophos for the latest news. You can also follow Graham Cluley, Paul Ducklin and me on Twitter.

Facebook scammers spread app pretending to be ‘Video Calling’

As Paul Ducklin predicted only a few days ago, scams related to Facebook’s launch of a video chat service powered by Skype are surfacing.

Facebook Video Calling scam app

This particular scam doesn’t use the actual Facebook video service, as Paul predicted they would, but it certainly is trying to ride the media coattails and attention Facebook’s announcement generated this week.

What is clever about this one is that if it were true that Facebook Video Chat was an application, you might be more easily convinced to approve the application to have more liberal permissions.

Facebook fake video call permissions

This version asks for your personal information, the ability to post messages to your wall, read your posts(?) and to do all of this any time it likes…

Strange, if it were a video calling app it would presumably only need to access my data when I am using it, right?

Fortunately, aside from being a better social engineering trick than many Facebook scams, this one simply spams your friends and leads you to the ubiquitous surveys to fill out and generate referral fees for the criminals.

Enable Video Calls spam

If you see a wall post referencing “Enable video calls.”, don’t click it! Send your friend a message that they have been tricked.

I am sure this won’t be the last scam targeting folks who wish to use Facebook’s new service. Never download executables or other content proclaiming to enable the service.

Keep your eyes on Naked Security or our Facebook page for updates describing how to install the real service once it is available.

Smiley hats and free Vans scams flood Facebook

Hundreds of thousands of Facebook users have been fooled into believing that they will receive a hat with a large smiley face on it, and could potentially be putting themselves at risk of being scammed in the process.

Over 300,000 people so far have been tricked into liking a Facebook page, and sharing the link with their friends, in the dubious belief that they will be sent a free smiley hat to promote a firm’s new clothing line.

Smiley hat Scam

The message reads:

First 750,000 Get a Free Smiley Hat To Help Promote Our New Clothing Line.
1 - Join The Page
2 - Click on the share button (bottom left hand side of the page) You must do this too get your FREE hat!
3 - Write on the wall what color you want ( White - Black - Red )
4 - After roughly 6 hours, you will have an email sent to your facebook account for shipping information
5 - Enjoy your NEW hat! :)
** All Countries Can Get Their Hat **

Scam Facebook page

Sure enough, if you follow the page’s instructions you will share it with your Facebook friends – thus helping the message to spread virally.

Facebook Scam being shared

But do you really believe that you are going to be sent a smiley hat? And who is this un-named company that is planning to ask 750,000 people for their name and postal address? Is it possible they are planning to do anything else with that information if you hand it over to them?

And what – seriously – are the chances that they are going to spend the money shipping that many hats to people who don’t even know what brand it is that they are promoting?

It all sounds very strange to me – and there is clearly an opportunity for a scam. For instance, once the organisers of this page have created their fan club of 750,000 users they could send a message to all of them containing a malicious link or a pointer to a phishing site.

And take a look at this.

There has been another message spreading rapidly across Facebook, claiming that there are 200,000 free pairs of Vans shoes up for grabs – and it’s using a very similar message.

Vans Scam

First 200,000 Get A Free Pair Of Vans To Help Promote Our New Range.
1 - Join The Page
2 - Click on the share button (bottom left hand side of the page) You must do this too get your FREE Vans!
3 - Write on the wall what colour and size you want!
4 - 31 days after you join you will have an email sent to your facebook account for shipping information. Once again this will only happen if the page has been shared.
** All Countries Can Be Shipped To **

Hmm... seems to me that the similar wording and modus operandi is far from a coincidence. And the Facebook pages have a very similar design – it’s just the bait which has been changed.

Vans Scam page

And if you dig around a little, you’ll find that Vans themselves have warned that the promotion is nothing to do with them.

Statement from Vans Europe

Vans say that you will not get the shoes if you like the Facebook page, and that the messages are entirely bogus. I strongly suspect that the smiley hat messages fall into the same category.

If you “Like” a page run by scammers, they can use it as a way to communicate with you – and potentially pass dangerous web links or attempt to steal personal information from you.

Don’t make it easy for the criminals on Facebook, and always think hard before believing every “sounds-too-good-to-be-true” offer on the social network.

If you use Facebook and want to get an early warning about the latest scams and attacks, you should join the Sophos Facebook page where we have a thriving community of over 100,000 people.

Ex girlfriend Facebook scams use shocking imagery, but spread quickly

It’s turning into quite a bad weekend for Facebook, with chain letters, phishing attacks and now the promise of hardcore videos being used to spread scams virally across the social network.

The following messages are currently appearing very rapidly. We’ve had to obscure the thumbnails as many people will find them disturbing.

Ex girlfriend video scams on Facebook

Here’s what the messages typically say:

[Video] - This is what Happend to his Ex GirlFriend!
[LINK]
Play Video! She could not walk properly for days!

and

Look what he did after her Ex girlfriend posted on his wall
[LINK]
lol What true pain both are having at this moment.?

Of course, there are people out there who find such links too tempting to resist. Here’s what they’ll see when they click on the link.

Ex girlfriend video scams on Facebook

It’s the latest in a series of Facebook scams which ask you to click on the word “Jaa”.

The victims probably don’t realise that “Jaa” is Finnish for “Share”, and they’re helping the scam spread to their online Facebook friends. Typically such scams end up with you being taken to an online survey that will earn the scammer money.

Can I respectfully suggest that if you keep falling for scams like this, you try and get your kicks elsewhere on the internet? There’s plenty of photos and videos of naked ladies out on the web which you can peruse at your leisure, without the risk of flooding the newsfeeds of your Facebook friends.

I’ve informed Facebook Security about this latest fast-spreading family of scams. Let’s hope they can take swift and decisive action so their users are no longer at risk.

If you got hit by this scam, make sure you have removed the entries from your news feed (to stop them being shared amongst your friends) and check that your profile does not have any unwanted “Likes” under your “Likes and interests”.

If you use Facebook and want to get an early warning about the latest attacks, you should join the Sophos Facebook page where we have a thriving community of over 90,000 people.