The Latest in IT Security

A New Facebook Scam to Threaten Users

05 May 2012

Doctor Web, a Russian IT security vendor, warns of a new fraud scheme that has emerged on Facebook, the world’s most popular social network. Attackers have adopted a scheme already notorious among Russian users of the Vkontakte and Odnoklassniki social networks and created a special Facebook application called Profile Visitor, which requests access to a user’s wall, promising to show the list of those who visited his page. In fact, the application instead posts a picture containing a link to a fraudulent website. The victim’s Facebook friends are in turn notified that they have supposedly been tagged in this picture, which spreads the malicious link further.

When visiting his Facebook page, a user may find in the news feed a link to Profile Visitor, an application allegedly capable of recording the visitors to his profile and showing them on a special web page. As a rule, the link is published on behalf of one of the user’s friends and leads to an embedded Facebook application page. To be activated, the application must be allowed to publish content on behalf of the user’s account. As soon as an unsuspecting victim clicks Allow, a link to the application, posted on his behalf, appears on the wall of his profile and in the news feeds of all of his friends. However, even if the user does not allow Profile Visitor to publish anything on his behalf, everyone on his friends list is automatically tagged in a “picture” that is actually a Profile Visitor banner link. A notification of the event is automatically sent out to the contact list on Facebook.

After that, the victim’s browser automatically opens a malicious web page that contains a dynamically changing array of links. Clicking any of them redirects the user to one of a variety of fraudulent websites whose content depends on the visitor’s IP address. For example, some of them require credit card details to grant access to the information, while others ask the visitor to enter a phone number into a special form and then type the code received in a reply SMS into the corresponding field. This method is used mostly against Russian-speaking visitors: that is how scammers sign a victim up for a paid “information service”, for which a certain amount is debited from the victim’s account every month.

Clicking the fraudulent links can lead to sites offering fake draws that promise a variety of prizes, online casinos, psychological tests, individual diet selection services, etc. All of these sites are automatically blocked by the Dr.Web SpIDer Gate filter embedded in Dr.Web products.

Previously, these scams were used repeatedly against Russian users of the Vkontakte and Odnoklassniki social networks, but now the crooks have apparently decided to turn their attention to residents of other countries. Doctor Web strongly recommends that Facebook users not install Profile Visitor, not click links to this application published in their news feeds, and always remain cautious and circumspect.
