There are new updates at the bottom of this post (Last updated: May 9th)
From likejacking to photo-tagging, Facebook scammers are constantly searching for new ways to get their scam campaigns to spread through the social network. Early this weekend, we observed a new type of scam, this one leveraging Facebook’s new social plugin for websites that allow for comments. This is being exploited by scammers to get their rogue websites visible on users’ news feeds, because for a scammer, the more eyeballs that see these posts the better.
There are various flavors of the scam making the rounds. However, the newest one to make the rounds focuses on a familiar Apple product: the iPhone. With rumors circulating about the iPhone 5, loyal Apple followers are drawn to the various news articles that cover these stories. So, it’s no surprise that scammers have decided to piggyback on this for their latest scam.
The scam begins with someone in your social network “commenting” on a post like the one above. The report claims to be from Wired News and has one of those headlines that is used to lure a user into clicking on the link.
Once a user clicks on the link, they are redirected to a random .info site. There have been over 10 of these in circulation for this particular scam. Before the user can click on anything, they are asked to answer a CAPTCHA-like verification form:
This effectively tricks the user into inputing the number 5, which actually results in the user leaving a comment for the .info website through the use of the Facebook social-plugin layer for comments. This is why users will see that ‘John Doe’ commented on randomsite.info on their Facebook News Feed.
Unlike most Facebook scams of late, at the end of this rainbow, there is no survey scam. Instead, the users are prompted to download an executable file.
The executable file is videogameboxinstaller.exe and it is dubious in nature, as it downloads other pieces of software. “AnyLike” claims to allow users to “like” any and everything on the web.
“PageRage” allows users to add style to their Facebook pages:
PageRage notes in its terms above that it will display ads to the end user. Sounds like Adware? Four antivirus vendors agree, flagging this as Adware.Yontoo. This also seems to indicate that there is some affiliate program involved. And sure enough there is:
At the heart of all these Facebook scams lies the same principal: a way for the scammers to make money by tricking users. Survey scams have been working quite well, so it makes sense that scammers would begin focusing their efforts with pay-per-install affiliate programs.
There are other Facebook comment scams (dubbed “comment-jacking”) that are making the rounds, including one regarding Free Airline tickets aboard Southwest Airlines.
As we have advocated for many other Facebook scams, the key here is to be aware that scammers will do whatever it takes to make a fast buck on the backs of social networking users. That’s why they tend to jump on topics that might appeal to a user (Apple iPhone 5, Free Airline tickets, etc.).
If it looks too good to be true, there’s a very good chance that it is. Look out for the people who are apart of your personal social network: friends and family members. Let them know about scams like these, because awareness remains a big piece of the puzzle.
Note: At the time this blog was published, over 100,000 visits have been logged to the various links in circulation. The final tally was over 400,000 visits before the scam was shut down.
Update: We were recently contacted by Jennifer Quintero, Marketing Coordinator for Theme Your World LLC, the company that owns the PageRage software. For clarification, Theme Your World LLC is not complicit in this scam activity, rather, the scammers are using the company’s PageRage software and its affiliate program in order to make money off of unsuspecting Facebook users.
Jennifer informed us that they are currently investigating this issue and will be taking corrective action against this affiliate.
Update [May 9th]: We are seeing this scam making the rounds once again. There are a few differences in the new version.
In the previous version of this scam, users were asked to solve the math equation: 3+2=? In this new version, scammers are asking users to verify a word instead, which is the basis for most CAPTCHA systems:
Instead of asking you to type in the word you see, all you’re asked to do is verify that the word presented to you matches the word posted by someone else. They ask you to click continue twice, because the second click is what allows the comment to appear on your profile. In this scenario, users would see your post appear in their News Feed about the iPhone 5 along with your comment of “incredible” which coincides nicely with the story. It would appear more legitimate to someone else instead of a comment that merely says ” 5″ on a story like this.
Once you’ve supposedly verified the “CAPTCHA,” you are asked to fill out one of a handful of surveys:
We thought this scam had died off but, it looks like it’s back in full force. Be on the lookout for it.