View All Social Networking

Facebook Scam: ‘Wired News: iPhone 5 – First Exposure’ leads to Adware

By Anonymous  •  May 1st, 2011  •   Social Networking

There are new updates at the bottom of this post (Last updated: May 9th)

From likejacking to photo-tagging, Facebook scammers are constantly searching for new ways to get their scam campaigns to spread through the social network. Early this weekend, we observed a new type of scam, this one leveraging Facebook’s new social plugin for websites that allow for comments. This is being exploited by scammers to get their rogue websites visible on users’ news feeds, because for a scammer, the more eyeballs that see these posts the better.

Familiar Justin Bieber scam returns in a new form

Familiar Justin Bieber scam returns in a new form

There are various flavors of the scam making the rounds. However, the newest one to make the rounds focuses on a familiar Apple product: the iPhone. With rumors circulating about the iPhone 5, loyal Apple followers are drawn to the various news articles that cover these stories.  So, it’s no surprise that scammers have decided to piggyback on this for their latest scam.

iPhone 5 Scam spreading on Facebook

iPhone 5 Scam spreading on Facebook

The scam begins with someone in your social network “commenting” on a post like the one above. The report claims to be from Wired News and has one of those headlines that is used to lure a user into clicking on the link.

iPhone 5 - Scam Page

iPhone 5 - Scam Page

Once a user clicks on the link, they are redirected to a random .info site. There have been over 10 of these in circulation for this particular scam. Before the user can click on anything, they are asked to answer a CAPTCHA-like verification form:

Human Verification overlay for Facebook Comments

Human Verification overlay for Facebook Comments

This effectively tricks the user into inputing the number 5, which actually results in the user leaving a comment for the .info website through the use of the Facebook social-plugin layer for comments.  This is why users will see that ‘John Doe’ commented on randomsite.info on their Facebook News Feed.

iPhone 5 Scam Page: Download the 'Exposure' Video

iPhone 5 Scam Page: Download the 'Exposure' Video

Unlike most Facebook scams of late, at the end of this rainbow, there is no survey scam. Instead, the users are prompted to download an executable file.

Installer for 'videogameboxinstaller.exe'

Installer for 'videogameboxinstaller.exe'

The executable file is videogameboxinstaller.exe and it is dubious in nature, as it downloads other pieces of software. “AnyLike” claims to allow users to “like” any and everything on the web.

AnyLike Browser Application Installation

AnyLike Browser Application Installation

“PageRage” allows users to add style to their Facebook pages:

PageRage - Be sure to read the terms!

PageRage - Be sure to read the terms!

PageRage notes in its terms above that it will display ads to the end user. Sounds like Adware? Four antivirus vendors agree, flagging this as Adware.Yontoo. This also seems to indicate that there is some affiliate program involved.  And sure enough there is:

Details on how to become an affiliate for PageRage

Details on how to become an affiliate for PageRage

At the heart of all these Facebook scams lies the same principal: a way for the scammers to make money by tricking users. Survey scams have been working quite well, so it makes sense that scammers would begin focusing their efforts with pay-per-install affiliate programs.

There are other Facebook comment scams (dubbed “comment-jacking”) that are making the rounds, including one regarding Free Airline tickets aboard Southwest Airlines.

Southwest Airlines Comment-Jacking Scam

Southwest Airlines Comment-Jacking Scam

As we have advocated for many other Facebook scams, the key here is to be aware that scammers will do whatever it takes to make a fast buck on the backs of social networking users. That’s why they tend to jump on topics that might appeal to a user (Apple iPhone 5, Free Airline tickets, etc.).

If it looks too good to be true, there’s a very good chance that it is.  Look out for the people who are apart of your personal social network: friends and family members.  Let them know about scams like these, because awareness remains a big piece of the puzzle.

Note: At the time this blog was published, over 100,000 visits have been logged to the various links in circulation. The final tally was over 400,000 visits before the scam was shut down.

Over 100,000 Visits to the various scam pages

Over 100,000 Visits to the various scam pages

Update: We were recently contacted by Jennifer Quintero, Marketing Coordinator for Theme Your World LLC, the company that owns the PageRage software. For clarification, Theme Your World LLC is not complicit in this scam activity, rather, the scammers are using the company’s PageRage software and its affiliate program in order to make money off of unsuspecting Facebook users.

Jennifer informed us that they are currently investigating this issue and will be taking corrective action against this affiliate.

Update [May 9th]: We are seeing this scam making the rounds once again. There are a few differences in the new version.

Instead of verification by solving 3+2, users are asked to verify with a word

Instead of verification by solving 3+2, users are asked to verify with a word

In the previous version of this scam, users were asked to solve the math equation: 3+2=? In this new version, scammers are asking users to verify a word instead, which is the basis for most CAPTCHA systems:

Users are asked to verify the "CAPTCHA" and the comment posted match

Users are asked to verify the "CAPTCHA" and the comment posted match

Instead of asking you to type in the word you see, all you’re asked to do is verify that the word presented to you matches the word posted by someone else. They ask you to click continue twice, because the second click is what allows the comment to appear on your profile. In this scenario, users would see your post appear in their News Feed about the iPhone 5 along with your comment of “incredible” which coincides nicely with the story. It would appear more legitimate to someone else instead of a comment that merely says ” 5″ on a story like this.

Once you’ve supposedly verified the “CAPTCHA,” you are asked to fill out one of a handful of surveys:

Like most Facebook scams, this one falls back on what works: Fill out a Survey!

Like most Facebook scams, this one falls back on what works: Fill out a Survey!

We thought this scam had died off but, it looks like it’s back in full force. Be on the lookout for it.

 

Tags:    |    |    |    |    |  

Comments are closed.