Thursday, January 19, 2012

A Mugful of Scam at Facebook - MalwareCity : Computer Security Blog

A Mugful of Scam

Free Facebook Mug gives scammers an unlimited pass to post threats on users’ walls

Scammers don’t waste any time as they always come up with new ways to avoid the Facebook security measures. As I am writing this post, a new type of scam is making its rounds on social networks, using an original propagation method.
The scam takes advantage of the Facebook option that allows users to post their content by e-mail. The scam bait does not appear to be special as it simply promises a free Facebook Mug.


After clicking the link, the user is taken to a page that requires him/her to hit a couple of Likes, a step this sample shares with other Facebook threats.

As you can see, the page imitates the Facebook style in order to gain users’ confidence. After clicking the required Likes and the Continue button, the user is, surprisingly, taken to a page that provides details about the nonexistent Facebook Mug.

While the latest Facebook scam waves have chosen the shorter “install add-on” approach, this kind of threat generally requires that the user go through at least one more step before reaching the core scam action. I believe that in this case all of the other intermediary steps are skipped because the scam authors want to avoid raising suspicion and because they probably assume that providing details about the item makes it seem more real to the user.

Next comes the most interesting part of the scam: a step-by-step guide to obtaining the e-mail address that Facebook provides to each user for e-mail posting purposes.

Following the information on this page, I obtained my Facebook e-mail address or ID, which I was then prompted to enter on the scam page.

Providing this piece of information to scammers is a big mistake, as they would then be able to post anything on your Facebook Wall. Even though it does not give direct access to the account, in some ways having this e-mail address is better for a scammer than having your Facebook password. Here’s why:

1. Facebook has set up GeoIP security measures intended to block scammers from logging into hijacked accounts. Even if the hijacked account is not blocked, the account owner will at least receive an e-mail from Facebook warning him/her about the suspicious activity, which might prompt him/her to stop the hack.
2. Posting by e-mail does not trigger any warning from Facebook. Users might not notice the scam posts on their Walls until they visit their own Facebook profiles.
3. Scammers can easily post on Facebook in users’ names simply by sending e-mails. Automated posting by means of software or a script running inside a browser is much more complicated.
4. The same scam can be distributed to a vast number of users in exactly the same way as spam.

After all this, the fact that the scam eventually reaches the usual fake-survey step hardly matters.

A large wave of scams posting through stolen e-mail addresses is sure to prompt additional security measures from Facebook, but how many users will have already been affected by then?

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.


Posted via email from Tony Burkhart
