Posts Tagged ‘JavaScript’

Profile Stalkers on Facebook? Check out the viral scam that’s spreading

May 21st, 2011


Another scam is being spammed out across Facebook, tricking users into helping its spread by fooling them into believing they will discover who is secretly viewing their profile.

Using a cartoon image of what appears to be a chimpanzee looking through binoculars, the messages are being sent from other Facebook users who have already fallen into the trap of clicking on the link and following the scammers’ instructions.

Clicking on the link contained inside the message (which I have obscured in the screen grab below) is a big mistake, as it takes you one step further into the criminals’ trap.

WICKED! Now you can see who views your facebook profile.. i saw my top profile stalkers and my EX is still creeping my profile every day

Checkout your PROFILE stalkers
[LINK]
Now you can see who stalks your profile daily

If you do click on the link you are taken to a third-party webpage which urges you to cut-and-paste some JavaScript code into your web browser’s address bar. The page claims that it is your unique code to view your Top 10 Profile Spys – but it’s not true at all.

This is a trick being commonly used by scammers at the moment. If you paste their code into your address bar, it will typically pass the message onto other Facebook users – including your online friends. We recently saw it deployed in a Facebook scam offering a “Dislike” button for instance.
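One way an address bar's paste handler could defuse this trick, shown as an added example that is not part of the original post. The function names are hypothetical and the sample payloads are constructed placeholders.

```javascript
// Added example, not from the original post. Function names are hypothetical.
// Defuses text pasted into an address bar by removing a leading "javascript:"
// scheme, so the remainder is treated as plain text instead of being executed.

const SCRIPT_SCHEME = "javascript:";

// Returns how many characters of `text` spell the scheme, or 0 if it does not
// start with it. URL parsers ignore tab, LF and CR inside a URL and compare
// schemes case-insensitively, so "Java\tScript:" counts as well.
function schemeLength(text) {
  let i = 0;
  let j = 0;
  while (i < text.length && j < SCRIPT_SCHEME.length) {
    const ch = text[i];
    if (ch === "\t" || ch === "\n" || ch === "\r") { i++; continue; }
    if (ch.toLowerCase() !== SCRIPT_SCHEME[j]) return 0;
    i++;
    j++;
  }
  return j === SCRIPT_SCHEME.length ? i : 0;
}

function sanitizePastedAddress(pasted) {
  let text = pasted;
  let stripped = 0;
  for (;;) {
    // Leading spaces and control characters are dropped by URL parsers too.
    const trimmed = text.replace(/^[\u0000-\u0020]+/, "");
    const len = schemeLength(trimmed);
    if (len === 0) break;
    text = trimmed.slice(len); // strip, then re-check for a nested scheme
    stripped++;
  }
  return { text: stripped ? text : pasted, stripped };
}

// Constructed samples; the payload bodies are harmless placeholders.
const samples = [
  "javascript:(function(){/* constructed placeholder */})()",
  "  JaVa\tScRiPt:javascript:void(0)",
  "https://www.facebook.com/",
];
for (const s of samples) console.log(JSON.stringify(sanitizePastedAddress(s)));
```

Stripping is repeated because a single pass would leave a second, nested `javascript:` prefix intact.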

Ultimately, scams like this typically end up with you being taken to a webpage which asks you to complete a survey – and the scammers earn commission for each survey completed.

Don’t let the scammers make a monkey of you, and don’t risk spreading a scam like this to your online friends.

Source : - http://nakedsecurity.sophos.com

 


Hottest & Funniest Golf Course Video scam spreads virally on Facebook – beware!

May 20th, 2011


Another scam is spreading virally across Facebook, posing as a video in a scheme to make money for the confidence tricksters behind it.

The messages show what appears to be a thumbnail of a video showing a man standing closely behind a scantily clad woman to give her golfing advice.

The Hottest & Funniest Golf Course Video - LOL
[LINK]
Watch the Hottest & Funniest Golf Course Video Don\

Another version of the scam uses football rather than golf as the lure:

The Most Funniest & Hottest Footbal Video - Must Watch!
[LINK]
Watch the Funniest & Hottest Footbal Video - Must Watch!

The links in the messages we have seen so far have pointed to a webpage at blogspot.com, although this could – of course – be changed by the scammers in future variations.

If you make the mistake of clicking on the link in the hope that you might see a funny saucy video you will find that you have fallen straight into the scammers’ trap – as your Facebook page has been updated to say that you also “Like” the page, thus sharing it virally with all of your friends.

You will also be encouraged to complete an online survey for “verification” purposes, which in reality only earns commission for the bad guys who kicked off the money-making scheme in the first place.

Unfortunately, when I tested the scam I found no evidence that Facebook’s newly introduced security measures to intercept scams and warn of dangerous links had been effective.

How to clean up the scam from your Facebook page

If you have been unfortunate enough to have been hit by this scam, here’s how you clean up.

Hover your mouse above the offending entry on your Facebook page and you should see an “X” appear in the top right hand corner of the post. You should now be able to mark the post as spam (which will remove it from your page).

Unfortunately, this hasn’t also removed the page from the list of pages you like, so you will need to edit your profile to manually remove it. You should find it listed under “Activities and Interests”.

Be sure to remove any other pages you don’t recognise in that list also.

Source :- http://nakedsecurity.sophos.com


Why are you tagged in this video? It’s a viral Facebook scam, Please Avoid

May 17th, 2011

Facebook users have been hit by another fast-spreading scam today, pretending to be a link to a YouTube video that they have been tagged in.

Facebook video scam

The scam messages use potential victims’ first names, claiming that they have been tagged in the “Youtube” video.

Phrases used in the attack include:

YO [name] why are you tagged in this video

WTF!! [name] why are you tagged in this video

hey [name] i cant believe youre tagged in this video

hey [name] you look so stupid in this video

omg! [name] why are you tagged in this vid

OMG [name] why are you in this video

Each “video” has a random number of views and likes, but the length of the movie always appears to be 2:34. Eagle-eyed Facebook users might realise something is awry when they see that the links refer to “Youtube” rather than the rather more accurate “YouTube”.
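The indicators above (the lure phrases, the recipient's first name, the “Youtube” spelling and the fixed 2:34 length) can be combined into a simple wall-post check. This is an added example, not part of the original post; the field names, scoring weights and threshold are assumptions, and the normalisation handles ASCII names only.

```javascript
// Added example, not from the original post. Field and function names are
// hypothetical; the phrases and indicators are the ones listed in the article.

const LURES = [
  "why are you tagged in this video",
  "i cant believe youre tagged in this video",
  "you look so stupid in this video",
  "why are you tagged in this vid",
  "why are you in this video",
];

// Lower-case, drop apostrophes ("you're" -> "youre"), turn punctuation into
// spaces, and pad with spaces so lures only match on whole-word boundaries.
function normalize(text) {
  const words = text.toLowerCase().replace(/['’]/g, "")
    .replace(/[^a-z0-9]+/g, " ").trim();
  return ` ${words} `;
}

// post: { text, caption, duration }; firstName: the recipient's first name.
function assessPost(post, firstName) {
  const text = normalize(post.text);
  const name = normalize(firstName).trim();
  let lure = null;
  let addressedByName = false;
  for (const candidate of LURES) {
    const at = text.indexOf(` ${candidate} `);
    if (at === -1) continue;
    lure = candidate;
    // Every template puts the recipient's first name directly before the lure.
    const before = text.slice(0, at).trim().split(" ").pop();
    addressedByName = name !== "" && before === name;
    break;
  }
  const signals = {
    lure,
    addressedByName,
    // Genuine links are branded "YouTube"; the scam writes "Youtube".
    misspeltBrand: /\bYoutube\b/.test(post.caption || ""),
    fixedLength: post.duration === "2:34",
  };
  // Assumed weights: a lure counts double, every other signal counts once.
  const score = (lure ? 2 : 0) + (addressedByName ? 1 : 0) +
    (signals.misspeltBrand ? 1 : 0) + (signals.fixedLength ? 1 : 0);
  return { ...signals, score, suspicious: lure !== null && score >= 3 };
}
```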

But if you do make the mistake of clicking on the video thumbnail you will be taken to a webpage which tries to trick you into cutting-and-pasting malicious JavaScript code into your browser’s address bar (this appears to be one of the scammers’ favourite methods of attack at the moment).

You have to concede, it’s a cunning piece of social engineering by the bad guys. Wouldn’t you want to see a video that your Facebook friends say you have been tagged in?

If you’re a regular user of Facebook, make sure you join the Sophos page on Facebook to be kept informed of the latest security threats.

Source :- http://nakedsecurity.sophos.com


Facebook Dislike button spreads fast, but is a fake – watch out!

May 16th, 2011

Don’t be too quick to click on links claiming to “Enable Dislike Button” on Facebook, as a fast-spreading scam has caused problems for social networking users this weekend.

Messages claiming to offer the opposite to a like button have been appearing on many Facebook users’ walls:

Dislike button on Facebook

Facebook now has a dislike button! Click 'Enable Dislike Button' to turn on the new feature!

Like the “Preventing Spam / Verify my account” scam which went before it, the scammers have managed to waltz past Facebook’s security to replace the standard “Share” option with a link labelled “Enable Dislike Button”.

The fact that the “Enable Dislike Button” link does not appear in the main part of the message, but lower down alongside “Link” and “Comment”, is likely to fool some users into believing that it is genuine.

Clicking on the link, however, will not only forward the fake message about the so-called “Fakebook Dislike button” to all of your online friends by posting it to your profile, but also run obfuscated JavaScript on your computer.

The potential for malice should be obvious.

As we’ve explained before, there is no official dislike button provided by Facebook and there isn’t ever likely to be. But it remains something that many Facebook users would like, and so scammers have often used the offer of a “Dislike button” as bait for the unwary.

Here’s another example that is spreading, attempting to trick you into pasting JavaScript into your browser’s address bar, before leading you to a survey scam:

Offer of Dislike button leads you into posting script into your browser's address bar

If you use Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 80,000 people.

Source :- http://nakedsecurity.sophos.com
