In the online world, one person's loss may well be another's gain. Scams on social networking sites like Facebook buttress this view. News of the tragic Norway events last week, and the untimely death of five-time Grammy award winner Amy Winehouse, who was found dead in London on July 23, are cases in point.
Scams taking advantage of the tragic Norway attacks surfaced within days of the attack. However, Facebook has cleaned out these instances, notes Websense Security Labs. A new social media fraud—‘look at footage of Amy Winehouse just moments after her death’—is going strong on Facebook.
“This type of a scam is a survey scam, through which users are lured to complete a survey, in return for which they are promised an exclusive video or footage. Completion of the surveys puts some money in the scammer's pockets, while users completing the surveys are never shown the promised videos or footage,” says Websense.
Security firm Symantec confirms the trend. It has observed spammers trying to capitalise on related news headlines by sending out malicious threats less than a day after the news was released, according to a post on its official blog. Attacks in Portuguese use similar spam techniques. All samples are sent from randomised individual email accounts with various subject lines related to the celebrity's death in an attempt to lure interested readers to open a malicious URL. Immediately after the link is clicked, a pop-up window asks users to download a file that is loosely disguised as an image or a video file (anything other than an executable file).
The file is given a name related to the celebrity, but it is not an image or video file; it is a malicious binary. Symantec has detected the threats in these samples as Infostealer.Bancos. Symantec cautions recipients to be wary of emails that come from an unexpected source, especially emails related to Winehouse's death.
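The disguise described above, a binary presented under an image or video name, can be caught by comparing what a download's name claims with what its first bytes say. The sketch below is an example added here, not code from Symantec or from the article; the function name, extension lists and sample files are assumptions constructed for illustration.

```python
import os

# Leading "magic" bytes of common executable formats.
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE/DOS executable",
    b"\x7fELF": "ELF executable",
}
# Extensions a lure would use to look like a photo or video clip (assumed list).
MEDIA_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".avi", ".mpg", ".mp4", ".wmv"}
# Extensions Windows runs when the user double-clicks the file (assumed list).
RUNNABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def classify_download(filename: str, head: bytes) -> list:
    """Return the reasons a downloaded file looks like a disguised executable."""
    reasons = []
    name = filename.strip().lower()
    stem, ext = os.path.splitext(name)
    # Padding spaces before the real extension are stripped so that
    # "clip.mp4      .scr" is still recognised as a double extension.
    inner_ext = os.path.splitext(stem.rstrip())[1]

    kind = next((label for magic, label in EXECUTABLE_MAGIC.items()
                 if head.startswith(magic)), None)
    if kind and ext not in RUNNABLE_EXTENSIONS:
        reasons.append(f"content is a {kind} but the name ends in '{ext or '(none)'}'")
    if ext in RUNNABLE_EXTENSIONS and inner_ext in MEDIA_EXTENSIONS:
        reasons.append(f"double extension '{inner_ext}{ext}' hides a runnable file")
    return reasons


# Constructed samples: (file name, first bytes of the file). Not real indicators.
SAMPLES = [
    ("celebrity_video.avi.exe", b"MZ\x90\x00\x03\x00"),
    ("celebrity_photo.jpg", b"MZ\x90\x00\x03\x00"),
    ("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("setup.exe", b"MZ\x90\x00\x03\x00"),
]

if __name__ == "__main__":
    for fname, head in SAMPLES:
        verdict = classify_download(fname, head)
        print(fname, "->", verdict or "no mismatch")
```

A mail gateway or download proxy can apply the same comparison before the file reaches the user; an honestly named installer such as the last sample is not flagged by this check and still needs ordinary malware scanning.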
“Most of these apps would automatically post messages on the victim's wall and on his friends' walls in order to trick as many people as possible into clicking (and inadvertently spreading it on). Attention-grabbing messages, combined with platform-specific actions, which have turned into genuine online reflexes (from a mere click, to a tag and, more recently, the creation of an event), make for the perfect scam,” George Petre of BitDefender, a software security solutions provider, writes on an official blog.
The security solutions provider has even launched a free social media security app, Safego, which allows users to prevent tagjacking and eventjacking scams and keep their social network accounts safe. Using in-the-cloud scanning, Bitdefender Safego protects users' social network accounts from all social scams, spam, malware and private data exposure.
Cybercriminals have exploited the popularity of social networking sites this year, with new scams emerging every month. Likejacking was another such recent social media-based attack that spread on Facebook. It appeared along with the 'Like' function on the social media site, which account holders can use to create lists of things they like. “Clicking on an attractive link, the users end up on a page which includes JavaScript; a click anywhere on the page activates the 'Like' function, sending a link to the page to everyone in the user's friend list. This means the number of visits to the site would snowball, and cybercriminals were paid for the increase in traffic by a certain advertising company,” explain Kaspersky experts.
Kaspersky Lab, in its report on information security threats in the second quarter of 2010, claims the company's products blocked more than 540 million attempts to infect computers around the world. “The countries most targeted were China (17.09 per cent of all attacks), Russia (11.36 per cent), India (9.30 per cent), the US (5.96 per cent) and Vietnam (5.44 per cent),” according to Kaspersky Lab.
Experts believe that as social media sites are accessed over mobile devices—industry reports suggest close to 40 per cent of mobile users use social networking apps on their handsets—more scams will emerge. Venkatasubrahmanyam Krishnapur, senior director of engineering (consumer), McAfee, says, “Users should exercise extreme caution when it comes to clicking on links that are sent even by 'trusted' friends through e-mails or on social networks. The 'Like' feature on Facebook has been used to propagate imitations of Google+ invitations which are actually bad links. This is usually in the form of short URLs that are potentially links to malware sites that the user is unable to spot.”