The Latest in IT Security

Getting the most out of Tumblr (for a work-at-home scam)

07
Jul
2011

Tumblr is a microblogging platform that allows users to post text, images, videos, links, quotes and audio to their short-form blogs. The last few days have turned up Tumblr accounts being used by scammers to redirects users to their work-from-home sites. The redirection is based on functionality provided by Tumblr. The scam starts with an email promising great riches:

I was at home and started skimming on MSNBC’s county self-employed section on wednesday and then was infatuated with this interesting online based opportunity where college students continue to earn up to $3700 a /wk+ & I didnt understand all of it at the beginning but we just had to try it and thankfully I did since I’ve earned myself $426.68 my very 2nd day trying. It’s completely simple. I’ve already been paid straight into my bank account… its probably the best thing that’s happened to us this year..

Here’s the hometown section web site http://easyhomebasedjobnews–.tumblr.com/w4qzr I really think nearly anyone that has access to a computer will be able to attempt the job which is why I am filling in all our friends & loved ones. I want you to join and earn some cash your self. also share this email with every body you know who needs extra cash so that we can all eliminate the economic nightmare!

Before we go any further – we hope it’s clear that this is a scam. A brief search of complaint forms will provide sad tales of folks who have lost lots of money purchasing these “kits”. The scammers create basic Tumblr sites like this one:

The scammers then exploit one of Tumblr’s nifty features: Users can create a Tumblr link that automatically redirects to another site, for example:

  • feature-user.tumblr.com – the blog page set up by a guy called “feature-user”
  • feature-user.tumbler.com/facebook – set up by “feature-user” so that it redirects automatically to his Facebook page which is “www.facebook.com/feature-user”

The idea is that you can use you Tumblr page as the basis for you entire online presence. The page where this is set up in Tumblr is shown here:

An HTTP 301 redirect code is used here i.e.: there is no HTML redirect.

HTTP/1.1 301 Moved Permanently

X-Tumblr-User: easyhomebasedjobnews–

Location: http://home36biz—art.ru

The advantages for scammers of Tumblr to host their redirects:

  1. URL filtering/Web security products will usually categorize URLs from the Tumblr domain as “blog” – and will not block access
  2. Redirection is built into the site – no HTML scripts are required
  3. It’s free

The destination page is a “newspaper” where every link leads to the scam purchase page. The page is customized based on the user IP address. In our case “Netanya”.

 

Leave a reply


Categories

WEDNESDAY, OCTOBER 18, 2017

Featured

Archives

Latest Comments

Social Networks