Posts Tagged ‘Graham Cluley’

Baby Born amazing effect? No, another Facebook likejacking scam

Published by pratyushkp on May 28th, 2011 - in Social, Technology

Messages are spreading rapidly across Facebook, as users get tricked into clicking on links claiming to show an amazing video of a big baby being born.

The messages are spreading with the assistance of a clickjacking scam (sometimes known as likejacking) which means that users do not realise that they are invisibly pressing a “Like” button to pass the message onto their online friends.

A typical message looks as follows:

Baby Born Amazing Effect - WebCamera
[LINK]
Big Baby Born !

(Note: Graham Cluley has obscured the thumbnail used in the messages, as some may find it offensive because of its err.. anatomical nature.)

The links we have seen so far all point to pages hosted on blogspot.com, and appear to contain a video player that you are urged to click on.

The pages are headlined: “Baby Born Video – Amazing Effects”.

See the message at the bottom of the page? It reads:

If Play Button don't work please click on the Like button and Confirm, then you can watch the Video.

It’s at this point that the clickjacking scam plays its part. If you try to play the video then you will be secretly and unwittingly saying that you “Like” the link, and sharing it with your friends. In this way the link spreads virally.
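How such a hidden “Like” click can be spotted in a page's markup, as an added example that is not from the original post and is not how NoScript works: the sketch assumes the Like control is embedded as an iframe of Facebook's `like.php` plugin and made invisible with inline CSS, and both sample pages are constructed.

```javascript
// Added example: heuristic scan of raw HTML for an invisible Like-button frame.
// Regex-based so it runs in Node without a DOM; a sketch, not a full HTML parser.
const LIKE_WIDGET = /facebook\.com\/plugins\/like\.php/i;

// Constructed sample pages (assumed markup, not taken from the scam pages).
const SAMPLE_SUSPECT =
  '<div id="player"><img src="play.png" alt="Play"></div>' +
  '<iframe src="https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fexample.invalid%2F"' +
  ' style="position:absolute; top:0; left:0; opacity:0; z-index:10"></iframe>';
const SAMPLE_BENIGN =
  '<iframe src="https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fexample.invalid%2F"' +
  ' style="border:none; width:120px; height:21px"></iframe>';

// Read one quoted attribute value from a tag's source text ('' if absent).
function attr(tag, name) {
  const re = new RegExp('\\s' + name + '\\s*=\\s*(?:"([^"]*)"|\'([^\']*)\')', 'i');
  const m = tag.match(re);
  return m ? (m[1] ?? m[2]) : '';
}

// Parse an inline style attribute into a { property: value } map.
function parseStyle(style) {
  const css = {};
  for (const decl of style.split(';')) {
    const i = decl.indexOf(':');
    if (i > 0) css[decl.slice(0, i).trim().toLowerCase()] = decl.slice(i + 1).trim().toLowerCase();
  }
  return css;
}

// Report every Like-widget iframe whose inline style makes it invisible
// while it can still receive clicks (opacity tricks, not display:none).
function findHiddenLikeFrames(html) {
  const findings = [];
  for (const tag of html.match(/<iframe\b[^>]*>/gi) || []) {
    const src = attr(tag, 'src');
    if (!LIKE_WIDGET.test(src)) continue; // only the Like widget is of interest
    const css = parseStyle(attr(tag, 'style'));
    const invisible =
      ('opacity' in css && parseFloat(css.opacity) < 0.1) ||
      /alpha\(opacity\s*=\s*0\)/.test(css.filter || ''); // legacy IE syntax
    const overlaid = css.position === 'absolute' || css.position === 'fixed';
    if (invisible) findings.push({ src, overlaid });
  }
  return findings;
}

console.log(findHiddenLikeFrames(SAMPLE_SUSPECT));
```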

It’s a shame that Facebook’s own security measures don’t warn about this clickjacking attack.

If you were running anti-clickjacking protection, such as the NoScript add-on for Firefox, then you would see a warning message about the attempted clickjacking.

Unfortunately, thousands of Facebook users appear to have fallen for the scam – and are helping the links spread rapidly across the social network.

Here’s how you can clean up your Facebook page.

Find the offending message on your Facebook page, and select “Remove post and unlike”.

Unfortunately that doesn’t completely remove the interloping link. You also need to go into your profile, choose Activities and Interests and remove any pages that you don’t want to “Like”.

If only folks were more careful about the links they clicked on when using Facebook.

Source :- http://nakedsecurity.sophos.com


Twilight Breaking Dawn FB Scam Spreads Virally

Published by pratyushkp on April 12th, 2011 - in Social, Technology

Lures 13 year old girls into clicking Like button to play a non-existent game

If 13 year old girls have access to your computer, it would bode well to read what follows very carefully. While the Nigerians have been scamming the gullible ones amongst us using money as bait, certain enterprising scammers on Facebook have found that Stephenie Meyer’s Twilight series works even better on 13 year old girls. That’s quite a brilliant idea as 13 year old girls seem to constitute 90% of the Facebook demographic.

Note: By 13, we mean intellectual maturity and not just basic biological age, and by girls we mean the men, women and children who read/watch the glittering, manic-depressive, plastic faced vampires, as they butcher the vampire/lycan mythos with an emo Mills and Boon treatment.

The scam tricks 13 year old girls into clicking the Play Now button that purports to let them try out the game for the upcoming Hollywood adaptation of the latest Stephenie Meyer horror, “Twilight: Breaking Dawn”. The Play Now button is a disguised Like button to a non-existent game, which causes the scam to spread like a Justin Bieber single amongst 13 year old girls.

The scam continues with users then being presented with a dialog box, asking them to grant permission for a third party application to access their Facebook account and post messages, updates and photos to their wall.

“Of course, if you’re a fan of “Twilight” you will quite possibly grant permission without thinking,” said Graham Cluley, Senior Technology Consultant at IT security and data protection firm Sophos. “The only problem being that this isn’t a legitimate application request, but is being done by a rogue app that wants to make money out of your devotion to the works of Stephenie Meyer’s series of novels. Predictably, having gained the ability to post to your Facebook account, the scammers then present the final piece of the jigsaw: an online survey which earns them affiliate commission for each person who completes the questionnaire.”

Having read this warning, does it mean that you will be able to stop your 13 year old girl from being clickjacked by the lure of an Edward Cullen Twilight game? This is as aggravating as it is an exercise in futility, because the truth is that 13 year old girls are an unstoppable force.

Source : http://www.techtree.com/India/News/Twilight_Breaking_Dawn_FB_Scam_Spreads_Virally/551-115079-643.html

 


Over 10 Million Scammed On Facebook

Published by pratyushkp on April 10th, 2011 - in Social, Technology

Were invited to a bogus event

Spammers have invited over 10 million Facebook users to fake events in yet another attempt to generate income from online survey scams according to a report by the IT security and data protection firm Sophos. Even as we file this report, the scam is in progress and several thousand unwitting Facebook users are falling prey to it.

One of the events, known as “Who blocked you from his friend list?”, has already tricked over 165,000 people into signing up, with an astounding 10.3 million users still deciding whether or not to respond. Scammers embed instructions into the ‘More info’ section of the event’s summary and this convinces Facebook users to unwittingly visit the webpages for online surveys or competitions, which are a source of revenue for the scammers by means of commission. Sometimes, users are asked to provide a mobile phone number, and if the user is naive enough to provide it, he/she will most probably end up getting signed up for an expensive premium rate service.

Senior Technology Consultant at Sophos, Graham Cluley said, “These spammed-out event invitations and links to survey scams are one of the biggest nuisances on Facebook right now, impacting millions of users every day. It would be great if Facebook was being more proactive in shutting down these obviously bogus events, as currently it’s far too easy for the scammers to fill their pockets through schemes like this.”

In case you are affected by this scam, then you must cancel your reservation for the event. You must also notify your friends that you have shared a bogus link with them and/or invited them to a fake event. In case you have submitted your mobile phone number, you must contact your mobile service provider and inform them to keep any bogus charges from appearing in your mobile account.

The moral of the story is that Facebook users must beware of such suspicious events and think twice before accepting invitations from an unknown source.

Source : http://www.techtree.com/India/Techtree_Notes/Over_10_Million_Scammed_On_Facebook/551-115050-889.html


Twitter 11.6 Hours Survey Scam Spreading Virally

Published by pratyushkp on March 5th, 2011 - in Social, Technology

Installs rogue application capable of harvesting your personal secure data

Twitter users beware! According to IT security and data protection firm Sophos, a survey scam is currently plaguing Twitter users and the bad thing is that they may not even be aware of it. Twitter users have been advised to be wary of tweets stating that the tweeter has spent 11.6 hours on Twitter and exhorting users to try to find out how much time they have spent on Twitter. The catch is that the user has to click on a link in the message, which takes him/her to a page, which attempts to connect a rogue application called ‘Time on Tweeter’ with the user’s account.

The offending links are being circulated on Twitter in messages containing the following text:

“I have spent 11.6 hours on Twitter. How much have you? Find out here: [LINK]”

This application then tweets the same text as above, but this time from the victim’s Twitter account and directs the victim to a page presenting a revenue-generating survey, which is again a scam. While this may seem harmless, it is not really known how much private user information the application may extract and make available to unauthorized people.

Graham Cluley, Senior Technology Consultant at Sophos, advised, “Affected users need to revoke the rogue application’s access to their Twitter account immediately, or it will be able to spew out more links from your Twitter page – which could promote spam sites or link to malicious webpages.” He added, “Scams like this are very commonly encountered on Facebook, but are more rarely seen on Twitter – meaning that many users will be sitting ducks to this type of attack. Although Sophos is in contact with bit.ly about closing down the offending link, it’s possible that the scammers will use other links and other names for their rogue applications. So be on your guard, and always think twice before allowing a third-party app to have access to your Twitter account.”