The Latest in IT Security

Late last month we reported about survey scams, and how such threats go across platforms from social networks to mobile. Back then we reported a scam deployed through Facebook, which enticed users into clicking links by offering free Starbucks coffee.

We saw a scam very similar to the one we reported before, except for some differences. First off, instead of being deployed solely through Facebook, the one we found arrives via spammed messages:

Clicking the link in the spam message triggers redirections that finally lead to the following pages:

At this stage we noticed something different: for the first sample, the user is requested to share the link through Twitter, while the second sample requires the user to share it through Facebook.

We asked the assistance of our colleague, Frauds Analyst Sarah Calaunan, and she reported to us that clicking the “CLAIM MY GIFT” button after sharing the link through Twitter or Facebook leads to a rewards site. The said site offers users certain mobile applications.

Choosing any of the applications leads to the survey scam site http://{BLOCKED}factory.com. This survey scam site is the same site we reported before, and has been used heavily in past attacks. The said site asks users to enter their mobile number into the site, subscribing the user to unwanted services in the process. Services include certain “clubs” that send content to subscribers on a daily basis. This will cost the users additional charges for a service they did not sign up for.

Despite the rampancy of survey scams, this particular attack is neither the only, nor the biggest Facebook-related attack seen recently. The social network was center of talks just a few days ago after members of the social network found their newsfeeds peppered with spammed posts that contained offensive images. The massive spamming was then later traced to a typical Facebook scheme that involves tricking the user into executing a JavaScript through the browser address bar.

As Facebook users continue to fall for social engineering lures such as the one we reported here, the schemes targeting them are sure to continue. Trend Micro users are already protected from this scheme, as the related URLs are already blocked through the Trend Micro Smart Protection Network. For more information on threats targeting social network users, check our ebook, A Guide to Threats on Social Media, as well as our infographic, The Geography of Social Media Threats.