Bestehen Bedenken im Hinblick auf VPN-Sicherheitslücken? Erfahren Sie, wie Sie von unserem VPN-Migrationsangebot inklusive 60 Tagen kostenlosem Service profitieren können.

Zscaler Blog

Erhalten Sie die neuesten Zscaler Blog-Updates in Ihrem Posteingang

Abonnieren
Security Research

Gone Phishin' On The Facebook

image
CHRIS MANNON
März 29, 2013 - 3 Lesezeit: Min

 

Social Media sites are rife for exploitation and malicious intent.  They have become a staple of connectivity between colleagues, family, and friends to the point that they are in many cases the focal point of communication.  Chief among these social media sites, is Facebook.  Not quite professional a network as Linkedin, not quite as informal as Twitter. Facebook is a perfect storm of chat, image host, and blurbs about how delicious your friend's lunch was.  Of course the information you post on these networks is what makes them so juicy a target for scammers.


Clickjacking is a scam technique that tricks users into clicking on something they perceive as legitimate but it is actually designed to harvest a “Like” or a click through to something malicious.

These Facebook scams don’t hide nearly as hard as you might think.  More than likely you have one in your News Feed.  So let me drop some helpful hints on how to spot a Facebook scam:

 

 

  • Shared/Liked a link for something clearly Not Safe for Work.
  • Shared/Liked a link for ANYTHING related to Free ANYTHING.  Nothing in life is free, so don’t expect it on Facebook either.
  • Shared/Liked a link from a less reputable source.  Example: Tommy Boy shared a link from : OMG!! COUPONS!?!1! Free Ipads and more
  • Shared/Liked Video or pic is displayed differently than other pic or videos.
  • You are tagged in a post which has other seemingly random friends also tagged along with a shortened URL.


My example today will cover 3/5 of the above so let’s get started!

 

 

 

Image
ಠ_ಠ


This immediately met my criteria for suspicion.  In a secure environment, and on my Dog’s Facebook account, I was feeling comfortable to explore further without putting my personal account at risk.

 

 

 

 

 

Image


Clicking that ‘video’ link will immediately take you to a page that almost looks legitimate.  It has the Facebook navbar, but no chat bar.  To deter the more savy users from inspecting these elements further, the scammers have ensured that right-click is disabled.  The code for which looks like this:

 

 

 

 

 

Image


Closer inspection of the source will reveal that it isn’t even a video, but an image of a video.  See:

http://i.imgur.com/JEHTP.png

http://i.imgur.com/KxQdy.gif

Fortunately for this victim, the attackers were only after his like’s and not his account or computer.  Clicking through this ‘video’ triggers a ‘LikeJacking’ attack.  So far, 160 people have fallen for this scheme.

The attacker’s goal here is not to spread malcontent and chaos, but rather to make money by scamming affiliate marketers.  A ‘Like’ on Facebook requires no two step verification to ensure that the user in question indeed clicked ‘Like’.  The harvested ‘Like’s from the scam can then be used for any purpose they desire since there is no elaboration on what is actually being endorsed.  As you see in the above screenshot, this button could be attached to anything the scammers choose to give the impression that 160 people ‘Like’d something else.

 

 

 

 

Image


Digging deeper into this scam it seems unlikely that this is the only instance of this on Facebook.  I did a quick look-up on the images hosted at imgur.com and found that it was uploaded 7 months ago and has been seen 2,439,013 times at a combined bandwidth of 187.45 GB.

 

 

 

 

 

Image


I’m no affiliate marketer, but I did some research and found that the common payout method for a pay-per-click offering should yield $290.35 a day given the time this scam has been running and the amount of views.

 

 

 

 

 

 

 

form submtited
Danke fürs Lesen

War dieser Beitrag nützlich?

dots pattern

Erhalten Sie die neuesten Zscaler Blog-Updates in Ihrem Posteingang

Mit dem Absenden des Formulars stimmen Sie unserer Datenschutzrichtlinie zu.