Posts tagged as: Rogue Apps

With Valentine’s Day just a couple of weeks away, people around the world, including cybercriminals, are getting ready, and Facebook, with over 800 million users, is a sweet place for them.

One of the earliest Valentine’s scams making the rounds this year comes in the form of a Valentine’s Day theme for Facebook profiles, according to computer security firm Trend Micro.

Like other scam apps, the attack starts off as a post (with a link) on affected users’ walls inviting other users to install a Valentine’s theme into their Facebook profile.

[Image: Scam Alert: Valentines Theme For Facebook Profiles]

Credit: Trend Micro

On clicking the link, users are redirected to another page to install the theme.

“Clicking the install button on the page will prompt the download of a malicious file, FacebookChrome.crx which Trend Micro detects as TROJ_FOOKBACE.A. When executed, TROJ_FOOKBACE.A executes a script that is capable of displaying ads from certain websites,” Christopher Talampas, fraud analyst at Trend Micro, wrote in a blog post.

While he believes that the malicious browser extension doesn’t seem to have information theft capabilities, it does have the ability to monitor the user’s browsing activities and redirect them to a survey page asking them for their mobile number.

He noted that the attack works only on Google Chrome or Mozilla Firefox browsers. Opening the Facebook link using Internet Explorer will redirect users directly to the same survey, bypassing the downloading steps.

“The fact that the attack itself is focused on Chrome and Firefox may mean that cybercriminals are targeting extension-compatible browsers, as well as going after more popular browser choices,” Christopher wrote.

“It fits the criteria of a clickjacking attack more, where it automatically ‘likes’ several Facebook pages as well as automatically posts a message on the affected user’s wall,” he added.

With Valentine’s Day right around the corner, this scam may just be the beginning. I believe there are dozens of them out there already and many more to follow. So remember to use your judgement on Valentine’s posts/offers that prompt you to install something.


Google Plus – the latest social network from the search engine giant and Facebook’s rival – is a hot item.

Just two weeks after its launch, it may very well reach 20 million users by this weekend; the figures would have been much higher, but Google+ is currently on a limited free trial.

So, many internet users are searching for an invitation, and scammers are making use of this weakness.

[Image: Alert: Fake Google Plus Invite Scam Spreading On Facebook]

(Credit: sophos.com)

A rogue application is apparently spreading on Facebook, claiming to help users get a Google+ invite.

The app posts messages on the victim’s newsfeed like the one below:

When users click on the newsfeed post, they are asked to allow the third-party app to access their Facebook account.

Upon granting permission, users are encouraged to like the page, and if the like wasn’t enough, they are encouraged to send out up to 50 invites to their friends.

According to Graham Cluley, sending out invites is a “sneaky piece of social engineering by the folks behind [the] third party application,” because your friends will think that you have already checked out the app.

So, beware of this rogue app or other similar apps.


Facebook users, especially tweens, who are fans of the Twilight series are falling prey to a scam that hijacks their accounts and spreads the scam to friends in their network.

Updates that look like promotions of a game based on the upcoming Twilight movie series “Breaking Dawn” are circulating wildly on Facebook, according to a Sophos blog post.

Users are said to be directed to a Facebook page that looks like a Twilight-based game page, like the screenshot below.

[Image: Beware of Fake Twilight: Breaking Dawn Game]

Credit: Sophos

Clicking on the “play now” button will automatically result in liking the game, which will be reflected on the user’s wall with updates, thereby distributing the link to the users’ entire network of friends.

The user is asked to grant a third-party app permission to access their Facebook account, and is then presented with a survey as a means to verify their account. The scammer makes money off every survey completed.

A Facebook spokesman told CNET in an email that, “We are currently tracking this scam and are working to shut down the spammy vectors + remediate any users who have been affected.”

So, beware of this cheap Twilight scam and share the news with friends if you see similar links on your friends’ feeds.
