Blog Archives

Why are you tagged in this video? It’s a viral Facebook scam , Please Avoid

Image representing Facebook as depicted in Cru...

Image via CrunchBase

Facebook users have been hit by another fast-spreading scam today, pretending to be a link to a YouTube video that they have been tagged in.

Facebook video scam

The scam messages use potential victims’ first names, claiming that they have been tagged in the “Youtube” video.

Phrases used in the attack include:

YO [name] why are you tagged in this video

WTF!! [name] why are you tagged in this video

hey [name] i cant believe youre tagged in this video

hey [name] you look so stupid in this video

omg! [name] why are you tagged in this vid

OMG [name] why are you in this video

Each “video” has a random number of views and likes, but the length of the movie always appears to be 2:34. Eagle-eyed Facebook users might realise something is awry when they see that the links refer to “Youtube” rather than the rather more accurate “YouTube”.

But if you do make the mistake of clicking on the video thumbnail you will be taken to a webpage which tries to trick you into cutting-and-pasting a malicious JavaScript code into your browser’s address bar (this appears to be one of the scammers’ favourite methods of attack at the moment).

You have to concede, it’s a cunning piece of social engineering by the bad guys. Wouldn’t you want to see a video that your Facebook friends say you have been tagged in?

If you’re a regular user of Facebook, make sure you join the Sophos page on Facebook to be kept informed of the latest security threats.

Source :- http://nakedsecurity.sophos.com

Visit the New Facebook? Hacker warning spreads like wildfire on social network

Image representing Facebook as depicted in Cru...

Image via CrunchBase

Facebook users are posting warnings to one another about a hacker operating on the network, using the offer to “Visit the new Facebook” to break into pages and kick out the page’s legitimate administrators.

Unfortunately the alerts do not include enough information to be useful, and members of the public may be unwittingly perpetuating a hoax in the belief that they are helping their friends, family and online chums avoid a nasty virus infection.

Visit the new Facebook warning

THIS NOTICE IS DIRECTED TO EVERYONE WHO HAS A PAGE ON FACEBOOK: IF SOME PEOPLE IN YOUR PROFILE OR YOUR FRIENDS SEND YOU A LINK WITH WORDS "VISIT THE NEW FACEBOOK '' AND THERE IS THE LINK BELOW, DO NOT OPEN! IF YOU OPEN IT YOU CAN SAY GOODBYE TO YOUR PAGE. IT'S A HACKER WHO STEALS YOUR DETAILS AND REMOVES YOU FROM YOUR OWN PAGE. COPY AND SPREAD THE WORD

Although there are many scams and attacks which spread on Facebook every day, no-one appears so far to actually have gathered any evidence that this one exists – and there is probably more nuisance being caused by users passing on the warning than by any attack which may or may not have happened.

Users believe they’re doing the right thing when they share warnings like this – but unfortunately they haven’t always checked their facts.

Please don’t share security warnings with your online friends until you have checked them with a credible source (such as an established computer security company). Threats can be killed off fairly easily, but misinformation like this can live on for months, if not years, because people believe they are “doing the right thing” by sharing the warning with their friends.

If you’re a regular user of Facebook, be sure to join the Sophos page on Facebook to be kept informed of the latest security threats.

Source :- http://nakedsecurity.sophos.com

Facebook Dislike button spreads fast, but is a fake – watch out!

Image representing Facebook as depicted in Cru...

Image via CrunchBase

Don’t be too quick to click on links claiming to “Enable Dislike Button” on Facebook, as a fast-spreading scam has caused problems for social networking users this weekend.

Messages claiming to offer the opposite to a like button have been appearing on many Facebook users’ walls:

Dislike button on Facebook

Facebook now has a dislike button! Click 'Enable Dislike Button' to turn on the new feature!

Like the “Preventing Spam / Verify my account” scam which went before it, the scammers have managed to waltz past Facebook’s security to replace the standard “Share” option with a link labelled “Enable Dislike Button”.

The fact that the “Enable Dislike Button” link does not appear in the main part of the message, but lower down alongside “Link” and “Comment”, is likely to fool some users into believing that it is genuine.

Clicking on the link, however, will not only forward the fake message about the so-called “Fakebook Dislike button” to all of your online friends by posting it to your profile, but also run obfuscated Javascript on your computer.

The potential for malice should be obvious.

As we’ve explained before, there is no official dislike button provided by Facebook and there isn’t ever likely to be. But it remains something that many Facebook users would like, and so scammers have often used the offer of a “Dislike button” as bait for the unwary.

Here’s another example that is spreading, attempting to trick you into pasting JavaScript into your browser’s address bar, before leading you to a survey scam:

Offer of Dislike button leads you into posting script into your browser's address bar

If you use Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 80,000 people.

Source :- http://nakedsecurity.sophos.com

Dad catches daughters on webcam: Beware viral Facebook video link

Image representing Facebook as depicted in Cru...

Image via CrunchBase

Facebook is being hit by another viral message, spreading between users’ walls disguised as a link to a saucy video.

The messages, which are spreading rapidly, use a variety of different links but all claim to be a movie of a dad catching his daughters making a video on their webcam:

Dad catches daughters on webcam message

[VIDEO] DAD CATCHES DAUGHTERS ON WEBCAM [OMGGGG].AVI
[LINK]
two naughty girls get caught in the WORST moment while making a vid on their webcam! omg!!

The messages also tag some of the victims’ Facebook friends, presumably in an attempt to spread the links more quickly across the social network.

If you make the mistake of clicking on the link you are taken to a webpage which shows a video thumbnail of two scantily clad young women on a bed. The page urges you to play the video, however doing so will post the Facebook message on your own wall as a “Like” and pass it to your friends.

Unfortunately, the new security improvements announced by Facebook this week fail to give any protection or warning about the attack.

Dad catches daughters on webcam message

When I tested the scam Sophos was presented with a (fake) message telling me that my Adobe Flash plugin had crashed and  needed to download a codec.

Dad catches daughters on webcam message

Codec downloadUsers should remember that they should only ever download updates to Adobe Flash from Adobe’s own website – not from anywhere else on the internet as you could be tricked into installing malware.

Ultimately, you may find your browser has been redirected to a webpage promoting a tool for changing your Facebook layout, called Profile Stylez and – on Windows at least – may find you have been prompted to install a program called FreeCodec.exe which really installs the Profile Stylez browser extension.

ProfileStylez

It’s certainly disappointing to see Facebook’s new security features fail at the first major outbreak – clearly there’s much more work which needs to be done to prevent these sorts of messages spreading rapidly across the social network, tricking users into clicking on links which could be designed to cause harm.

Source :- http://nakedsecurity.sophos.com

Hours spent on Twitter? Don’t click on scam spreading virally on Twitter

Image representing Twitter as depicted in Crun...

Image via CrunchBase

Another rogue application is spreading between unsuspecting Twitter users, claiming to tell you how many hours you have spent on on the network.

The messages all look pretty similar, and use a currently trending topic such as Richard Dawkins, Cheryl Cole landing the job of a judge on the US edition of “X Factor”, or it being Mother’s Day in the United States.

Twitter scam

Richard Dawkins --> I have spent: 23.8 hours on Twitter! See how much you have: [LINK]

#zabecca --> I have spent: 20.9 hours on Twitter! See how much you have: [LINK]

Vidal Sassoon --> I have spent: 33.4 hours on Twitter! See how much you have: [LINK]

#5factsaboutmymom --> I have spent: 33.4 hours on Twitter! See how much you have: [LINK]

Even though you may have seen one of your friends tweet out a message like this, you definitely shouldn’t click on the link. It will take you to a rogue third-party application which asks your permission to connect with your Twitter profile.

Twitter scam

If you do authorise the app it will be able to post messages to Twitter in your name, see who you follow on Twitter, grab your Twitter name and avatar, and update your profile. Now, why on earth would you want to give a complete stranger the ability to do that?

Unfortunately, you may be so desperate to find out how many hours they have spent on Twitter (after all, your friends appear to have already been though the process) that you will authorise the application.

Whereupon, the rogue application will tweet the offending message from your Twitter account. When I went through the process on a test Twitter account I run, I found that it tweeted out the message more than a dozen times in less than 30 seconds.

Twitter scam

You may not realise that this is happening, however, as the app is distracting you with a message saying it is processing your results. After some whirring away, it asks you to enter your email address to have your results sent to you.

Twitter scam

Stop right there! (if you haven’t already). Are you seriously going to give these complete strangers access to your email address too? They already know your Twitter account name, and can post to your Twitter page – now they’ll be able to email you as well!

Who knows what they might send you? Their plan might be to send you spam, a Trojan horse, or a phishing attack. They even have the cheek to say watch out for the message in your spam folder!

Twitter scam

I don’t know what the scammers plan to spam out to you, and it could – of course – be weeks or months before they do, but if you want to find out more follow me on Twitter at @gcluley.

These sorts of rogue applications appear to be popping up more and more on Twitter, whereas previously they were mostly seen only by Facebook users.

If you were unfortunate enough to grant a rogue applications access to your Twitter account, revoke its rights immediately by going to the Twitter website and visiting Settings/Connections and revoking the offending app’s rights.

Don’t make it easy for scammers to make money in this way, and always exercise caution about which third party apps you allow to connect with your social networking accounts.

Source :- http://nakedsecurity.sophos.com

Lord Gaga video banned? Twitter rogue app spread by scammers

Lady GaGa

Image by ama_lia via Flickr

Scammers are seeding an attack against Twitter users, posing as a banned video of “Lord Gaga” in an attempt to compromise accounts.

Using a selection of newly created Twitter accounts, which have the names and avatars of young women, the tweeted-out messages all look similar:

#pssst Lord Gaga VIDEO BANNED -----> [LINK] #onethingiveneverdone #cnn

Lord Gaga banned video tweets

The mention of “Lord Gaga” refers to a running-joke on Twitter today, about what would happen if Harry Potter villain Lord Voldermort and Lady Gaga hooked up. The hashtags, which can vary, appear to be taken from Twitter’s trending topics in an attempt to reach a wider audience.

Interestingly, in the above screenshot all of the Twitter profiles used to seed the scam campaign have adopted the names of women beginning with the letter “B”: Bianca, Berenice, Betania, and so forth..

It has been no surprise while writing this article to find that the scammers have now run out of “B” names and have moved onto female names beginning with the letter “C”..

These aren’t your usual Twitter profiles, and as can be seen in the example below, appear to be newly created specifically for the purposes of spreading the link.

Twitter attack seeder

What makes the profiles even more suspicious is that the only messages they have tweeted out so far have all been to the same place – a fake YouTube site, which pretends to host the banned video.

Lord Gaga video

Twitter’s security team would be wise to shut down the bogus profiles as soon as possible, before the attack spreads further because rather than playing a music video, clicking on the player will attempt to trick users into giving a rogue application the rights to access their Twitter account.

Would you authorise this Twitter app?

An app called “money works new” hardly sounds like it would be connected to a music video, and you would be wise not to give it access to your account. But, as we’ve seen in the past, Twitter users can be tricked by such an attack into making poor decisions.

Indeed, even Lady Gaga herself appears to have recently fallen foul of such a scam on Twitter.

If you do make the mistake of authorizing the app, the scammers won’t waste any time posting the same message from your account – hoping to entrap more victims.

Rogue app victim on Twitter

If you were unfortunate enough to grant a rogue applications access to your Twitter account, revoke its rights immediately by going to the Twitter website and visiting Settings/Connections and revoking the offending app’s rights.

Revoke app on Twitter

Don’t make it easy for scammers to make money in this way, and always exercise caution about which third party apps you allow to connect with your social networking accounts.

If you’re on Twitter and want to learn more about threats, be sure to follow Naked Security’s team of writers.

Source :- http://nakedsecurity.sophos.com

Osama Shoot down video scam spreads on Facebook

A still of 2004 Osama bin Laden video

Image via Wikipedia

Facebook users are being tempted to click on links to what purports to be a video of Osama bin Laden being shot, in the latest in a series of scams exploiting the hot news story of the Al Qaeda leader’s death.

The messages appear as follows:

Osama shoot down video

Watch the Osama Shoot down video

Osama Dead - Censored Video Leaked
on.fb.me
Osama is dead, watch this exclusive CNN video which was censored by Obama Administration due to level of violence, a must watch. Leaked by Wikileaks.

Clicking on the link, however, will not instantly show you some sensational footage of US Navy Seals attacking Osama bin Laden’s compound in Pakistan.

Instead, you’re told you will have to take an online survey.

Osama shoot down video scam

That should be enough to set your alarm bells ringing – as survey scams are a continuing problem on Facebook, earning scammers commission with every survey they manage to trick users into completing.

What’s most interesting about this scam is that they trick you into cutting-and-pasting a line of JavaScript into your web browser‘s address bar.

Not that you’ll realise that you’re doing that, of course. As far as you know all you’re doing is following a sequence of instructions and keyboard presses before you watch the video.

Osama shoot down video scam

But any time you paste a script into your browser’s address bar, you’re effectively running code written by the scammers without the safety net of protection.

Script

Before you know it, you’ll be sharing the news of the “Osama Shoot down video” with all of your Facebook friends, and the scam will be spreading virally.

My guess is that you don’t want to make it so easy for the scammers to run their scripts on your browser – so don’t fall for scams like this.

Be very careful not to be fooled by scams related to Osama bin Laden’s death, not just on Facebook but on other parts of the internet too. Such a big news story always seems to attract the interest of fraudsters and malware authors.

If you want to keep up-to-date on the latest scams, and are a member of Facebook, don’t forget to join the Sophos Facebook page to keep informed about the latest security news.

Source :- http://nakedsecurity.sophos.com/

Unfollowed Me rogue application spreads virally on Twitter

Once again Twitter users are finding themselves hit by a fast-infecting attack, more commonly encountered by their Facebook-using cousins: a rogue application spreading virally across the network.

Thousands of Twitter users have fallen into the trap of allowing rogue third-party applications access their Twitter accounts, believing that it would tell them how many people have unfollowed them.

42 people have unfollowed me, find out how many have unfollowed you

A typical message reads:

58 people have unfollowed me, find out how many have unfollowed you: [LINK] #rw2011 #duringsexplease #youneedanasswhoopin

See the hashtags? They appear to be currently trending phrases on Twitter – presumably the rogue applications are using them in the messages they spam out in an attempt to trick more users into clicking on the links.

If you do click on the link you are asked to give authorisation for a third-party application to access your Twitter account.

Rogue application on Twitter

Don’t, whatever you do, press the “Allow” button. If you do, then a third party is now capable of tweeting messages in your name to all of your Twitter followers – which spreads the scam virally across Twitter and may result in one of your online friends also having their account compromised.

So, how do the scammers make money? That’s the next piece of the jigsaw.

You’re anxious to find out who has unfollowed you on Twitter. The scammers take advantage of that by presenting a webpage which looks as if it’s about to reveal that information – but is actually designed to make you take an online survey instead.

Rogue application survey scam

The scammers make money for each survey that is completed.

If you were unfortunate enough to grant one of these rogue applications access to your Twitter account, revoke its rights immediately by going to the Twitter website and visiting Settings/Connections and revoking the offending app’s rights.

Revoke rogue app rights

(Note that the scammers are using a variety of different applications – so you may see a different name from the one I picture above).

Don’t make it easy for scammers to make money in this way, and always exercise caution about which third party apps you allow to connect with your social networking accounts.

If you’re on Twitter and want to learn more about threats, be sure to follow Naked Security’s team of writers.

Source : – http://nakedsecurity.sophos.com

Facebook comment-jacking? OMG! I Can’t believe JUSTIN Bieber did THIS to a girl

It’s starting to seem like Facebook can’t win against those who wish to use their service to scam, spam and simply cause trouble. Over the last day or so, a new type of attack has been spreading using the phrase “OMG! I Can’t believe JUSTIN Bieber did THIS to a girl”.

It leads to a page asking you to verify a simple math problem to “prevent bots from slowing down the site”. In actuality, it is another clickjack-type scheme in which you are asked to type the answer into a box.

Comment-jack security check

It doesn’t matter what you type, because it’s a social engineering trick. What you are actually typing is a comment that is used to share the link with your friends on Facebook. You can see the tooltip that says “Add a Comment” in the screenshot.

This bypasses Facebook’s recent attempt at detecting likejacking fraud. Links you comment on are not using the same mechanisms that Facebook is monitoring when you click “Like”.

Many moons ago, the first Facebook attacks started with illegitimate applications asking for permission to access your wall and spread their messages by spamming your friends through wall posts. While this worked well, it was a bit easy for Facebook to track down and remove the bogus apps.

Early in 2010 we saw the first attempts at likejacking. This technique involves layering one image over the top of a Like button and tricking the victim into clicking something that appears to play a video or a continue button, when in fact they are clicking the Like button hidden underneath.

Facebook Bieber scam wall post

More recently we have seen the attackers trying lots of new techniques. In the past few months we have seen them tagging people in photos they are not in to get you to click, inviting people to fake events and even making you an administrator of a Facebook page that isn’t yours.

While protecting yourself may not be as simple as not clicking anything that says “OMG!” that isn’t a bad start. Be skeptical, understand that messages from your friends may not in fact have been sent to you willingly, and if you are really tempted to click, take a short timeout to conduct a Google/Bing search.

As of the time of this writing some of the YouTube videos this scam leads to have been removed by YouTube. However, one video that is still working has over 525,000,000 views since February and thousands of comments in the last 24 hours — in other words, since this Facebook scam has been making the rounds.

To stay up to date on the latest threats, follow us on Facebook. For advice on how to configure your profile to protect your privacy check out This recommendations for Facebook settings.

Source :- http://nakedsecurity.sophos.com

%d bloggers like this: