The Latest in IT Security

Survey Scams as Cross-Platform Threats


For some time now we’ve been reporting about Facebook scams involving surveys that ask for victims’ mobile numbers. These have become rampant, and have used many different lures like Google+ invites
and free Breaking Dawn Part 2 movie tickets

Another good example is a Facebook page we recently encountered, one claiming to be a Starbucks promo page, and offering people free coffee. Clicking the link on the page opens a new browser window, which connects to a site that triggers a series of redirections.

Click for larger view Click for larger view

The user is then finally led to a survey site, which asks for the user’s mobile number.

As we’ve known from past instances of this threat, what happens when the user enters their phone number is that they get subscribed to certain services without their permission, causing them additional charges to their phone bill on a daily basis.

We decided dig deeper into the survey site, as it is the same site that we’ve seen in several previous attacks.

The website, http://{BLOCKED}, is registered under ENOM Inc, a registrar known to be used by cybercriminals. It was created in 2008, and its registration expires in 2012.

Based on its website information, it specifically targets mobile users, as the most used keywords for the site include the words ringtones, polyphonic ringtones, as well as screensavers, and wallpapers. Based on this, it is highly likely that the same guys behind this site are the same ones behind the survey scams being seen around Facebook.

The particular scheme shares similarities with a prevalent type of mobile malware: premium service abusers. Like premium service abusers, survey scams also leave users with unwanted charges in their phone bill. The only difference is the way it is done, since premium service abusers are more intrusive, and involve a malicious file being installed in the affected device. Survey scams rely mostly on social engineering, but nevertheless leads to the same result.

With the growing dependency of users both on mobile devices and social media, it is not surprising to see threats such as this one, wherein the vector used, is a different platform from the one that will be ultimately affected.

Users can check out our e-book, “Spam, Scams, and Other Social Media Threats” for more information, as well as our Mobile Threat Information Hub for the latest on mobile threats..

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments