Scams on social networks are nothing new, but they're constantly
changing to keep up with and take advantage of the latest apps, trends,
and news. Here are some of the most recent scams that are making the
rounds.
1. Fake Google+ invitations
While Facebook and Twitter play host
to the majority of social media scams, according to Fabio Assolini, a
senior security researcher at Kaspersky Lab's Global Research and
Analysis Team, there are plenty of scams that can be found elsewhere.
"Scammers use themes such as invitations to new social networks," says Assolini, who pointed to this specific example, which is popular among Brazilian cybercriminals. Targeting Portuguese speakers, attackers have been sending out fake invites to Google+ that contain malicious links to malware, specifically bank Trojans.
Interestingly enough, the body of the invitation also contains a link to a separate web form hosted on Google Docs. It says to fill out the form to send the invitation to your friends, but really it's simply a means perpetuate the scam by collecting names and emails of new victims.
"Scammers use themes such as invitations to new social networks," says Assolini, who pointed to this specific example, which is popular among Brazilian cybercriminals. Targeting Portuguese speakers, attackers have been sending out fake invites to Google+ that contain malicious links to malware, specifically bank Trojans.
Interestingly enough, the body of the invitation also contains a link to a separate web form hosted on Google Docs. It says to fill out the form to send the invitation to your friends, but really it's simply a means perpetuate the scam by collecting names and emails of new victims.
2. Instagram lottery scam
Like Tinder, Instagram is a popular
enough app that there have been multiple scams showing up on the service
recently. One scam is as basic as it gets, as it promises money.
Profiles began popping up around April belonging to so-called lottery winners in both the US and the UK, and they post pictures of the "winning" tickets. The poster writes below the image that he just won millions of dollars and intends to donate a thousand dollars to each of the first 80,000 people that follow him. All they have to do, of course, is leave a comment with their email address.
"I thought, it's got to be a joke, these people can't believe this is going to happen," says Narang. "But I go and look on the comments and I see that people are posting their emails! Do you honestly think this guy is going to send people money just for following him? Yeah, they do!"
Narang said that the scammers even try to double down after getting people to follow their profiles: they link to another Instagram profile and say that it's their accountant's, and that users should follow him to get instructions on how to get their money. Suddenly, the scheme has a monetizing factor behind it, too.
"He goes, 'I'm getting ready to send out checks, but I need you to donate 99 cents for postage to receive your thousand dollars. Click this link," says Narang. "And people were commenting, 'I just sent you 99 cents.'"
Profiles began popping up around April belonging to so-called lottery winners in both the US and the UK, and they post pictures of the "winning" tickets. The poster writes below the image that he just won millions of dollars and intends to donate a thousand dollars to each of the first 80,000 people that follow him. All they have to do, of course, is leave a comment with their email address.
"I thought, it's got to be a joke, these people can't believe this is going to happen," says Narang. "But I go and look on the comments and I see that people are posting their emails! Do you honestly think this guy is going to send people money just for following him? Yeah, they do!"
Narang said that the scammers even try to double down after getting people to follow their profiles: they link to another Instagram profile and say that it's their accountant's, and that users should follow him to get instructions on how to get their money. Suddenly, the scheme has a monetizing factor behind it, too.
"He goes, 'I'm getting ready to send out checks, but I need you to donate 99 cents for postage to receive your thousand dollars. Click this link," says Narang. "And people were commenting, 'I just sent you 99 cents.'"
3. Shocking news that you won't believe!
"Most scammers use big and shocking
news, inviting the user to click, install or share something," says
Assolini. "They use something that's in the media, something that
everybody is talking about, like the crash of the MH17 flight. Curiosity
killed the cat."
Indeed, a link has been doing the rounds on Facebook, claiming to be a video of the Malaysia Airlines Flight MH17 crash. Needless to say, the link doesn't lead to a video at all, but rather spammy, pop-up filled sites or offensive content.
Indeed, a link has been doing the rounds on Facebook, claiming to be a video of the Malaysia Airlines Flight MH17 crash. Needless to say, the link doesn't lead to a video at all, but rather spammy, pop-up filled sites or offensive content.
4. Tinder scams abound
Given that it's one of the hottest apps out there at the moment, it should come as no surprise that there are multiple scams that have been popping up on Tinder.
One such scam involves a bot messaging a user, going through a script
and, eventually, inviting them to an adult webcam show. The bot then
sends a link and asks the user to click through.
"You say, 'But it's asking for a credit card,' and they say, 'Oh, it's just to make sure you're 18,'" says Satnam Narang, security response manager at Symantec. "But if you don't cancel within three days, you get charged a premium rate for service, anywhere between 40 and 80 bucks."
Then there are the fake prostitution profiles where there is text over the image saying, "GFE" (girlfriend experience) with a URL and a username. Should a user visit that address, they will be taken to an adult dating or casual hookup site. The appeal for scammers here is they can use this to monetize their scheme by way of PPL (pay per lead).
"If you end up signing up for a premium service, the scammers get even more money," says Narang.
There have also been spambots that inundate Tinder users with requests to install apps, specifically games, on their phones (see above). Again, monetization is the goal here: with every install, the scammers make more money.
"You say, 'But it's asking for a credit card,' and they say, 'Oh, it's just to make sure you're 18,'" says Satnam Narang, security response manager at Symantec. "But if you don't cancel within three days, you get charged a premium rate for service, anywhere between 40 and 80 bucks."
Then there are the fake prostitution profiles where there is text over the image saying, "GFE" (girlfriend experience) with a URL and a username. Should a user visit that address, they will be taken to an adult dating or casual hookup site. The appeal for scammers here is they can use this to monetize their scheme by way of PPL (pay per lead).
"If you end up signing up for a premium service, the scammers get even more money," says Narang.
There have also been spambots that inundate Tinder users with requests to install apps, specifically games, on their phones (see above). Again, monetization is the goal here: with every install, the scammers make more money.
5. Requests through Snapchat to take action
"Any service that is popular or gained
popularity over time -- like Snapchat, Vine, Tinder, etc. -- the
scammers will be there," says Narang. "They know they have a captive
audience."
Snapchat spam has shown up primarily in the form of scammers sending photos with a caption requesting that the recipient manually perform an action on their own. These requests have included adding a username on Kik, visiting a website that pushes diet spam, or going to an external site to claim a prize that they have one.
That said, Symantec expects users of the app to see more direct forms of spamming now that Snapchat has a native chat function. Luckily, chats from non-friends do not make URLs clickable; should a user be intent on visiting the address, they must copy and paste it into their browser themselves.
Snapchat spam has shown up primarily in the form of scammers sending photos with a caption requesting that the recipient manually perform an action on their own. These requests have included adding a username on Kik, visiting a website that pushes diet spam, or going to an external site to claim a prize that they have one.
That said, Symantec expects users of the app to see more direct forms of spamming now that Snapchat has a native chat function. Luckily, chats from non-friends do not make URLs clickable; should a user be intent on visiting the address, they must copy and paste it into their browser themselves.
6. Malwares spread via Facebook Messenger, Twitter
"We know of cases of IM worms being
disseminated on Facebook Chat and being used to spread links to
malware," says Assolini, explaining how not all social media scams are
not strictly social engineering, but also a means to spread malware.
After the user clicks the link in the message, a malicious applet is installed and used to download a number of other files, including code that's used to steal users' Facebook passwords. The victim's profile is connected to either Ebuddy.com or the mobile version of Facebook, at which point the infected profile begins to resend the message to other users.
Once a user has been infected, the worm is also capable of spreading the message (and malicious link) through other messengers and social networks, including Google Talk, Orkut, and Twitter.
After the user clicks the link in the message, a malicious applet is installed and used to download a number of other files, including code that's used to steal users' Facebook passwords. The victim's profile is connected to either Ebuddy.com or the mobile version of Facebook, at which point the infected profile begins to resend the message to other users.
Once a user has been infected, the worm is also capable of spreading the message (and malicious link) through other messengers and social networks, including Google Talk, Orkut, and Twitter.
7. The diet pill scam
One scam that's been making the rounds recently on Pinterest and Tumblr
(and Twitter, if the profile is linked to Pinterest) is for magic
bullet-style diet pills. Part of what made this particular campaign so
effective was its hijacking of high-profile social media accounts to
spread itself around.
While scammers often use fake profiles they've generated themselves, says Narang, they usually end up getting shut down by the social network's services, at which point they turn to compromising legitimate profiles.
"These people were well known users with thousands of followers, and they got compromised and they were posting messages about, 'I can't believe I lost weight with these pills' and a link," says Narang. "One of the profiles they did compromise was a well-known fitness trainer. Considering she's in fitness and talking about weight loss, that probably got people to click through and buy the pills."
While scammers often use fake profiles they've generated themselves, says Narang, they usually end up getting shut down by the social network's services, at which point they turn to compromising legitimate profiles.
"These people were well known users with thousands of followers, and they got compromised and they were posting messages about, 'I can't believe I lost weight with these pills' and a link," says Narang. "One of the profiles they did compromise was a well-known fitness trainer. Considering she's in fitness and talking about weight loss, that probably got people to click through and buy the pills."
8. Directing users to Kik...and then to worse
The scams on Kik are related to some
of the other scams on this list -- namely, the ones involving Tinder and
Snapchat -- because many of the other scams point users to this popular
messaging service before finally getting to the scam. Spambots on both
Tinder and Snapchat often request users to add them on Kik, at which point they send links for adult webcam sites.
Like with the other adult webcam spam, the issue lies with whether or not the user gives up their credit card number after clicking through to the site. Should they surrender their information, there are only charged a nominal fee initially, but then are hit with "premium" fees for much larger amounts if they don't cancel shortly thereafter.
Like with the other adult webcam spam, the issue lies with whether or not the user gives up their credit card number after clicking through to the site. Should they surrender their information, there are only charged a nominal fee initially, but then are hit with "premium" fees for much larger amounts if they don't cancel shortly thereafter.
9. Malicious Chrome extensions on Facebook
Sadly, claims on Facebook regarding
software that will clean up your computer may very well lead to the
infections that you're trying to avoid.
"Scammers have been offering a supposed 'virus removal tool' to clean your profile," says Assolini, "when in reality it installs a malicious Chrome extension and then uses your profile to attack friends."
This recent scam -- which includes variations like promising the ability to change the color of your Facebook profile or to see who visited it -- asks users to install an application from a Facebook page, which is in fact a malicious Chrome extension. While this may not be particularly unique in and of itself, the real shocker lies in the fact that there has been at least one malicious extension that was hosted on Google's official Chrome Web Store. To further mask itself, the extension was labeled as "Adobe Flash Player." Though Google has since removed the extension in question, but Assolini says that scammers are uploading new extensions regularly.
Once installed, the extension has commands to use the infected profile to send messages to the user's friends, encouraging them to download it as well. The script file that the extension downloads can also command the profile to "like" pages, thereby giving the attackers the ability to monetize the scam by selling Facebook "likes" for other pages.
"Scammers have been offering a supposed 'virus removal tool' to clean your profile," says Assolini, "when in reality it installs a malicious Chrome extension and then uses your profile to attack friends."
This recent scam -- which includes variations like promising the ability to change the color of your Facebook profile or to see who visited it -- asks users to install an application from a Facebook page, which is in fact a malicious Chrome extension. While this may not be particularly unique in and of itself, the real shocker lies in the fact that there has been at least one malicious extension that was hosted on Google's official Chrome Web Store. To further mask itself, the extension was labeled as "Adobe Flash Player." Though Google has since removed the extension in question, but Assolini says that scammers are uploading new extensions regularly.
Once installed, the extension has commands to use the infected profile to send messages to the user's friends, encouraging them to download it as well. The script file that the extension downloads can also command the profile to "like" pages, thereby giving the attackers the ability to monetize the scam by selling Facebook "likes" for other pages.
10. InstLike
Another popular Instagram scam involves a third party app for Instagram users called InstLike,
which is meant to garner automatic likes for users' photos. The issue
with InstLike is that once it's installed, it asks users to sign in with
their Instagram credentials but does not use the app's API. By
surrendering their information like this, people become part of a social
botnet.
"People are obsessed with getting hundreds of likes," says Narang, "So they're giving up their credentials to get likes. They're willingly opting into this botnet."
On top of people voluntarily giving up credentials to someone they don't know or trust, they are also violating Instagram's Terms of Service. The interface used to get likes for your photographs involves exchanging coins for likes, and more can be acquired through in-app purchases or by using certain hashtags.
"If you post one picture a day with a certain hashtag, you get 20 likes automatically," says Narang. "That's in direct violation of Instagram's Terms of Service."
Culled from: csoonline
"People are obsessed with getting hundreds of likes," says Narang, "So they're giving up their credentials to get likes. They're willingly opting into this botnet."
On top of people voluntarily giving up credentials to someone they don't know or trust, they are also violating Instagram's Terms of Service. The interface used to get likes for your photographs involves exchanging coins for likes, and more can be acquired through in-app purchases or by using certain hashtags.
"If you post one picture a day with a certain hashtag, you get 20 likes automatically," says Narang. "That's in direct violation of Instagram's Terms of Service."
Culled from: csoonline
No comments:
Post a Comment