New Facebook scams in 2014

So many Facebook scams in 2014 have been a little worrying even though at first they all seem innocent enough, but these are social scams to lure users in to gain money or access to computers.

One particular Facebook scam this year was the “Robin Williams goodbye video”, which was apparently made before his death. This fake BBC News video is a scam and no such video exists.

The “Robin Williams goodbye video” started to circulate on Facebook and asks users to share the video before they can watch it, DO NOT click on it. There is no video so no point on sharing it, Symantec explains in detail that when Facebook users click on the video it asks them to either fill out a survey or install an application. When the survey is complete the scammers gain money for each one completed.

Robin Williams goodbye video


Do not open any app offering to change your Facebook’s color because it is a scam. The Facebook color blue may be getting a little boring for some and may like a change; this is where a new web app could come in handy.

If you come across the “Facebook color changer” or “Facebook Colour Changer” DO NOT open this at all, it will hijack peoples Facebook accounts. It has already been reported it has accessed over 10,000 FB accounts so far; this is malicious software done in two steps. The first step process is when users click to allow the app access to the users Facebook profile, the second step is where the first step has been declined and asks the user to download anti-virus software.


Facebook profile color changer scam

If anyone has followed the tutorial video on how to use the “Facebook colour changer” it is advised to change passwords immediately, you should also remove the app from your profile from the Facebook app settings.

Another Facebook scam will trick users and then access accounts, in a nutshell you basically hack yourself. It cleverly lures Facebook victims into believing they can access anyone’s account using three simple steps. The scam starts of by asking users to open Facebook in a web browser then visit the person they wish to hack, with a few simple steps such as right-clicking anywhere on the page after doing the above and then via the pop-up menu select “Inspect Element”. Once this has been done it will open an HTML editor, it is within this editor users are instructed to copy-paste a string of code provided – The code does not work, never has and never will.

Whilst on the subject of Facebook scams we recommend you keeping an eye on these ones, anything to do with these please do not click on them. 1) A Facebook app that allows you to see total profile views and visitors, 2) There is another scam titled ‘Rihanna sex tape with her boyfriend’, 3) Free-T-shirts when you Check my status update (Just another scam), 4) You can check if a friend has deleted you.

The above are only a few Facebook scams, there are thousands but these are more recent. Do NOT click on anything you are not sure about, especially when it says share this video to view it (Unless it is a trusted website).

What Facebook scam have you come across lately?

Fake Skype app on Android is malware

ZDNet Wrote:

skypelogoA new piece of malware is trying to take advantage of Skype’s increasing popularity, especially on mobile devices. Cybercriminals have created a fake version of the Skype for Android app, designed to earn money from unsuspecting users. Trend Micro, which first discovered the malware, is calling this particular threat JAVA_SMSSEND.AB.

The Java in the name should not surprise you, given that Android apps are primarily developed in a custom version of the programming language. Thankfully, this is not a very good fake. The app in question only runs on older (pre Software Installation Script) Symbian phones or Android devices that allow execution of Java MIDlet.

The cybercriminals behind this scheme have set up fake websites advertising fake Skype apps. Most of the sites are hosted on Russian domains (.ru) but the fake apps themselves are hosted on Nigerien domains (.ne).

The reason this is not a good fake is that instead of an .apk file (the expected package file for Android apps), users are served up with a .jar (Java MIDlet). While the app poses as an installer for Skype, what it really does is install a piece of malware. The devil is in the details: in the background, the malicious app sends expensive international text messages to earn its creators revenue.

Android lets you download and install apps from anywhere. If you want the official version of an app, however, get it from the official Google Play store. Here is the official Skype link:

Automated Skype calls and Fake Antiviruses

This is an old story back from September, 2011, but since recently I’ve seen users complaining about this, I want to share it again [Credit to NakedSecurity, SophoLabs]:

You may have received an automated call from a user who claim to be from Skype or somewhere which says:

“Attention: this is an automated computer system alert. Your computer protection service is not active. To activate computer protection, and repair your computer, go to [LINK]”

Indeed that’s a scam and visiting the link will lead to getting infected by Fake Antivirus (Scareware), the website claims that you are not properly protected – and it urges you to install its software (a steal at $19.95).


To stop such calls in the future you can set your privacy options to only allow calls from your contacts:


Here is a video that show an example of these calls:

Hackers use fake Facebook cancellation emails to deploy malware

H-Online: fb-malwareA new type of phishing strategy, which aims to trick unsuspecting users into installing a trojan by pretending to be an account cancellation request from Facebook, has been discovered by Sophos. The email messages link to a third party application on the site that will install a Java applet and then prompt the user to update their Flash player, but will actually deliver the trojan malware.

The email messages that are sent out claim to be from Facebook and state: “We are sending you this email to inform you that we have received an account cancellation request from you.” However, Facebook never sends such account cancellation confirmation messages via email. Users who want to cancel their Facebook account can do so by visiting to deactivate their account; they may later delete it after a cool down period has passed.

The malware preys on the fact that many users value their Facebook account highly and do not want it to be deleted. If they follow the link, they get prompted to install a Java applet. If they choose not to do so, the application will keep nagging until the user agrees to the applet being installed. Next, the user will see a message that they need to update Flash Player – this will actually install a trojan onto the system which allows the hackers to take over the machine and integrate it into a botnet. According to Sophos, the most commonly installed trojans are SpyEye-B and Agent-WHZ.

Phishers Offer Fake Storage Upgrades

Symantec Connect: Customers of popular email service providers have been a common target for phishers for identity theft purposes. Phishers are constantly devising new phishing bait strategies in the hope of stealing user email addresses and passwords. In April 2012, Symantec observed phishing pages that mimicked popular email services in an attempt to dupe users with attractive storage plans.

Customers were flooded with fake offers of free additional storage space for services such as email, online photo albums, and documents. In the first example, the phishing site was titled “Welcome to New [BRAND NAME] Quota Verification Page”. According to the bogus offer, the additional storage plan ranged from 20 GB to 1 TB per year, at no extra cost. The phishing page boasted that the free additional storage plan will help customers prevent loss of data and the inability to send and receive emails due to exhausted storage space. It also stated that the plan will auto-renew each year and the customer can choose to cancel at any time by returning to the same page:


To avoid customer suspicion when the bogus offer doesn’t materialize, phishers used a time-buying strategy. They indicated that customers would be contacted 30 days prior to renewal and also that the upgrade process will take effect in a 24-hour time span. After user credentials are entered, the phishing page redirected to a page which confirmed the upgrade was initiated and complete. The phishing page then redirected back to the legitimate service website:


Similar phishing pages were observed spoofing other email services. The phishing site in this second example is titled “Obtain Free Additional Storage”. The same bait was used here as well:


To gain customer trust, the email address field was auto-populated on the fake page and is also concealed in the query string. Looking deep into these scams, it is evident these phishing scams are targeted attacks. By randomizing the email address in the query string of the phishing URL, the same phishing page can be used for targeting multiple users. Below is the URL format:


Internet users are advised to follow best practices to avoid phishing attacks:

  • Do not click on suspicious links in email messages.
  • Avoid providing any personal information when answering an email.
  • Never enter personal information in a pop-up page or screen.
  • When entering personal or financial information, ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar.
  • Frequently update your security software which protects you from online phishing.

WikiPharmacy? Fake Notifications Spammed Out

Symantec Connect: Symantec is intercepting a resurgence of spam attacks on popular brands. Spam messages that are replicas of the Wikipedia email address confirmation alert are the new vector for the present. The said spam messages pretend to be originating from Wikipedia, and are selling meds, with the following subject line: “Subject: Wikipedia e-mail address confirmation”.

The spoofed Wikipedia page is a ploy to give legitimacy to the sale of meds online. The embedded URL in the message navigates to a fake online pharmacy site that is dressed up as a Wikipedia Web page. Furthermore, to give the email a legitimate look, the spammer has added the recipient’s IP address in the body of the spam mail. Needless to say this IP does not belong to the user.


Figure 1: Part of the spam message



Figure 2: An example spam message



Figure 3: The corresponding WikiPharmacy Web page


This is another social engineering tactic where popular brands are exploited for spamming. Symantec anticipates a surge of such attacks due to increasing popularity; a trick used by spammers from time to time to make their clandestine efforts look legitimate.

Beware of any purchases from such sites as it will put the user’s personal and banking information at risk. We recommend users not click on any URLs from such unsolicited emails.

Fake Discount Cards

Symantec Connect: Phishers are constantly developing new strategies in an effort to trick end users. In April 2012, phishers created sites spoofing the Apple brand with fake offers for Apple discount cards. In this phishing attack, customers were targeted by region: namely, the UK and Australia.

article thumbnail

The phishing sites mimicked the webpage of Apple and prompted customers for their Apple ID. The phishing page stated the customer’s long-term loyalty toward the brand gave them eligibility for an Apple discount card as a reward. Upon entering an Apple ID and clicking the “Next” button, the customer was redirected to a page that asked for more confidential information:

article thumbnail2

Here, the phisher explained that with a discount card worth 9 Australian dollars (rewarded to the customer), they can receive credit for 100 Australian dollars at any Australian Apple store or on Apple’s Australian website. To accept the offer, customers were asked to provide their personal and credit card information. Personal information included full name, address, date of birth and driver’s license number. Credit card information included credit card number, expiration date, 3 digit security code and secure code password. After clicking the button titled “Submit and get your 100 AU$ Apple Discount Card”, the phishing page redirected to the legitimate Apple website.

The same phishing site was observed targeting UK customers with a discount card of 100 British pounds:

article thumbnail3

If users fell victim to the above phishing sites by entering their login credentials, phishers would have successfully stolen their information for financial gain.

  • Internet users are advised to follow best practices to avoid phishing attacks:
  • Do not click on suspicious links in email messages.
  • Avoid providing any personal information when answering an email.
  • Never enter personal information in a pop-up page or screen.
  • When entering personal or financial information, ensure the website is encrypted with an SSL certificate by looking for the padlock, ‘https’, or the green address bar.
  • Frequently update your security software (such as Norton Internet Security 2012) which protects you from online phishing.

Sex Appeal Meter Scam and Execution Hoax Abound on Facebook

Cross posted from GFI, Sunbelt Blog:

There’s not a day when we don’t see a new scam or hoax—yes, even the old ones—being proliferated on Facebook. I’ve seen both today. Let’s take a quick look at each one, shall we?

First off, the scam:


The screenshot above is a post generated by the “Sexappeal Meter” app that have spread within the social network. Clicking the “How much Sexappeal you have” link, or sometimes a shortened URL, leads users to a page where it requests for permission just like any normal app. Allowing the app access to user profile, however, leads to two succeeding survey scam pages and, eventually, to a page where one can download a browser toolbar.



The first survey scam page is displayed only to users in certain geographical regions, so it’s possible that, say, one in the Netherlands won’t be able to see it; however, this doesn’t mean that they are “less compromised” than those regions this app targets. Access to basic user information and posting rights on Walls granted to the scammers behind “Sexappeal Meter” can be used for malicious purposes. Users who fell for this are advised to change their passwords as soon as possible.


Hoaxes can be really believable and viral if they’re timely and if they tug at the heartstrings. The case of Youcef Nadarkhani, the pastor who was set to be executed in Iran, is one such example of a good “come hither”.


Christian Pastor Youcef Nadarkhani has been executed in Iran. He is the pastor who has been imprisoned and found guilty by the courts in Iran of being a Christian. Now he’s been executed in spite of international appeals to spare his life. He was hanged today. Where is the outcry from the White House over the murder of this innocent Christian minister? Where is the outcry from the church in America and around the world? The silence is deafening!

This hoax is found to be making rounds on Tumblr as well:


According to Hoax Slayer, the image used in the hoax has been around since April of 2011. As of this writing,the pastor is pretty much alive and well.

Before sharing something on any social network, especially if they’re related to news, it pays to be diligent in searching online for more details first. We don’t want to be bearers of bad news,  particularly bad news stuffed full of false claims.

Stay safe and surf smart!

Free Stuff on Social Networks Not Free

Symantec Connect: In recent years, scammers have flocked towards social networking sites as they have grown and made it easier to access a large number of potential eyeballs to convert into dollars. Brands have found value in leveraging social media to know what their customers are talking about, so, naturally, scammers are doing the exact same thing.

Free iPads and iPhones

Every time Apple unveils a new iPad or iPhone, you can bet there are scammers out there trying to leverage the announcement for financial gain. In the days leading up to and after the announcement of the new third-generation iPad, Twitter users who tweet about the new tablet most likely will receive some targeted Twitter replies from scammers offering the new device for free:


Many of the links are often masked behind URL shortening services. These links actually lead to affiliate pages asking for personal information, such as email address and shipping information. However, some scammers have also begun to send users to instructional videos on YouTube. The videos guide users through a step-by-step process to get their free iPad or iPhone. Scammers then use the video description section to link to the affiliate pages:


Users can report these videos to YouTube by flagging them as inappropriate and selecting the “scams / fraud” option under the Spam category.

Free gift cards

Another common lure that scammers use on social networkers is to offer free gift cards. For instance, any time a user mentions particular brands on Twitter, scammers target them with Twitter replies enticing free gift cards:


Some of the brands presented in these scams include retailers of consumer electronics, women’s intimate apparel, and a large discount department store.


The above set of scams have relied on fake accounts posting links which lead to affiliate branded pages. For example, we saw scammers sending users to YouTube to follow a how-to video (likely a consequence of social networking sites improving their detection mechanisms to weed out direct links to these scams before they have a chance to see the light of day).

Recently, however, scammers are using a new trick to evade detection.

Fake promotional user accounts

Unlike the previous examples, where a Twitter user posts about a certain brand and receives a targeted reply with a link, users are now being directed to fake branded Twitter accounts:


Instead of seeming like a scam link, this message now looks more like it is part of a conversation with an actual (and clickable) brand. In the above example, a user posted about the Macy’s brand and, in reply, that user receives a Twitter reply directing them to what claims to be an official account for Macy’s:


Read the fine print

Misleading users, of course, is the goal of these scam campaigns. Not only are the brands misrepresented here, but the affiliate programs these scammers are part of state only in the fine print what someone can expect when responding to these offers:

image6.article thumbnail

The fine print (red box above) reads:

[Site] is an independent rewards program and not associated with any of the above listed merchants or brands. The above listed merchants or brands in no way endorse or sponsor [Site]’s offer and are not liable for any alleged or actual claims related to this offer. The above listed trademarks and service marks are the marks of their respective owners. [Site] is solely responsible for all Gift fulfillment. In order to receive your gift you must: (1) Meet the eligibility and (2) complete the rewards bonus survey (3) complete a total of 5 Rewards Offers as stated in the Terms & Conditions (4) not cancel your participation in more than a total of 2 Reward Offers within 30 days of any Reward Offer Sign-Up Date as outlined in the Terms & Conditions (the Cancellation Limit) and (5) follow the redemption instructions.

The “Rewards Offers” listed in the fine print includes signing up for a trial membership to various subscription services as well as making qualifying purchases. So, after all is said and done, the free iPad and the free Starbucks Gift Card isn’t free after all.

If you are a Twitter user and you receive replies from suspect Twitter accounts promising you something for free, protect yourself and others by reporting the account to Twitter as shown below:


New Dr Who girl Jenna-Louise Coleman’s name exploited by Twitter sex video scammers

jenna-louise-coleman-170SophosLabs: Jenna-Louise Coleman has been unveiled as the new “Doctor Who” companion, joining the BBC TV time traveller in his TARDIS later this year.

“Doctor Who” is one of Britain’s biggest television shows, and is popular elsewhere around the world, so it was no surprise to find 25-year-old actress Jenna Louise-Coleman’s name was a trending topic on Twitter today.

Unfortunately, there are frequently mischief-makers, scammers and cybercriminals waiting to exploit a popular search term or hashtag.

For instance, see these messages mentioning Jenna-Louise Coleman and referring to sex videos:


Human nature being what it is, you probably wouldn’t be that surprised if some sci-fi fans clicked on the links out of err.. curiosity.

However, the webpage you are taken to doesn’t have any content (pornographic or otherwise) related to the Time Lord’s latest sidekick. Instead, you’ll find what appears to be a portal for an Asian hardcore porn video website.


Clicking on the video thumbnails is definitely ill-advised. When I examined the page, I found that each of the videos were masking a secret Twitter follow button.

Unsuspecting site visitors are being tricked through a clickjacking exploit into unwittingly following a Twitter account.

Browser plugins such as NoScript can help protect against clickjacking, and warn you about the true intentions of webpages such as this.


Of course, the scammers could just have easily transported you to a webpage containing malware, a survey scam or a rogue application. The point is that you should always be cautious about the links which you click on.

Of course, it’s Jenna-Louise Coleman today and will be someone else tomorrow. Twitter spammers are simply grabbing the latest trending topics and shoving them in their tweets in the hope that users will stumble across them and fall into their trap.

If only we could dematerialize the bad guys to Metebelis III or throw them into a chronic hysteresis and never be troubled with them ever again..