News of Whitney Houston’s sudden demise spread like wildfire in the Internet. Countless tweets, Facebook wall posts, and news items circulated regarding the singer’s death at age 48. Given the massive attention that Houston’s death generated, cybercriminals are naturally out there taking advantage of this unfortunate incident.
We have uncovered two web threats shortly after the news broke out. One was a clickjacking attack found on Facebook, while the other one was a link circulating on Twitter.
RIP “Whitney Houston” leads to Clickjacking
A fake video was seen spreading via the social networking site Facebook was found by my colleague, Karla Agregado. The posts, which have the subject “I Cried watching this video. RIP Whitney Houston“, come in the form of a wall post with a link to the supposed video. Once users click on the video, it leads them to a Facebook page that contains a link to the video. However, clicking the said link only leads to several other redirections until users are lead to the usual survey scam site.
Upon further investigation on the domains involved, we also found 101 more survey scam domains registered on the same IP where the domains are hosted.
RIP Whitney Tweets May Lead To Web Threat
We have also found tweets with malicious links that also took advantage of the tag RIP Whitney Houston, which was trending worldwide on Twitter.
The said tweets contain a link to a particular blog dedicated to Whitney Houston. Users viewing this page are then redirected to another web site, even without them having to click on anything. The succeeding page is a site that supposedly features several Whitney Houston wallpapers, which users can download. Once users decide to download a wallpaper, a pop up window appear that asks users to donwload some “Whitney Houston ringtones”.
Whatever users choose – whether to leave the page or stay on the page – they will be redirected to the a survey site that asks for mobile numbers.
Using newsworthy events, in particular the death of a celebrity (even the fake ones), is a common bait of cybercriminals to lure users into their schemes. There were other previous attacks that also leveraged the sudden and oftentimes, shocking demise of a celebrity.
- Facebook Scam Leverages Lady Gaga’s “Death,” Bypasses HTTPS
- Amy Winehouse’s Death Used in Online Attacks
Meanwhile, for more information on survey scams, please check Karla’s past post, Survey Scams as Cross-Platform Threats.
Users must always be cautious before clicking any news items in their Facebook or Twitter feeds that purportedly contains news about their favorite celebrities. Better yet, they should bookmark reliable news sites to avoid these schemes. For more helpful tips on how to better protect yourself from these threats, you may read on our comprehensive ebook guide “A Guide to Threats on Social Media”.
Trend Micro protects users from this attack via Trend MicroT Smart Protection NetworkT that blocks all related malicious URLs.
Leave a reply
