The Latest in IT Security

Facebook Scam Leverages Lady Gaga’s ‘Death,’ Bypasses HTTPS

06
Aug
2011

We’ve recently analyzed a Facebook spam that purportedly comes from the media organization British Broadcasting Corporation (BBC), similar to how cybercriminals used the social networking site LinkedIn early last month.

The attack starts with a wall post containing the subject BREAKING: Lady Gaga Found Dead in Hotel Room together with the legitimate site www.bbc.co.uk and a description that says This is the most awful day in the US history.

This lures the users to a video supposedly hosted in the BBC site. Clicking this wall posts, users are actually redirected to a malicious site.

This site contains URL links, buttons, and images that replicate the legitimate BBC site, but in reality the page contains only a large image and the “Play” button on the video is the only clickable element. Users who are curious enough to check out the video receive a message prompt requiring them to complete a survey before playing the video. While this is happening, the their respective account is set to Like the wall post mentioned above.

Clicking the You won! button leads to ad sites that earn money for the attackers for every user visit.

During our analysis, we have also noted that this Facebook spam does not prompt a warning message for the site redirection, therefore bypassing the SSL/HTTPS feature of Facebook even if it is enabled.

Such Facebook attacks that use news items on celebrities, pop icons, and significant world events are something that we have seen before. Just recently, we have noted a similar Facebook ruse, which used the recent demise of singer Amy Winehouse and also required users to answer a survey and disclose their mobile phone numbers.

Users are advised to continuously be wary of such threats and avoid clicking links to such scams on Facebook. Trend Micro protects product users from this attack via the Smart Protection NetworkT by blocking all related URLs.

As cybercriminals are persistently looking for ways to use Facebook and other social networking sites for their malicious schemes, social media users may check our report, “Spam, Scams, and Other Social Media Threats.”

Needless to say, Lady Gaga is still alive.

Leave a reply


Categories

FRIDAY, MARCH 29, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments