Story image

Old Facebook scam gets ready for new boost

15 Aug 2016

ESET researchers are warning about Facebook hoax scams that spread fake terror news to trick victims into disclosing their Facebook credentials.

For example, Facebook users in the Czech Republic were targeted with a fake news report on a “deadly attack in Prague”. Soon after the Facebook scam was publicly disclosed in Czech mainstream media, the crooks turned their attention to the Slovakia (in Slovak) and duplicated their tricks to find new victims.

“From what we have learned about this campaign, the attack may be designed to continue in other countries,” warns Lukáš Štefanko, a malware researcher at ESET.

The scam starts with a compromised user account sharing or commenting on the status of a terrorist attack. The victim’s friends are tagged in this comment as well. When a user clicks on this hoax, he or she is redirected to a phishing webpage that requests his or her Facebook credentials to proceed to a site with more information about the incident. If the user enters the credentials (be they genuine or not), they are redirected to another fake Facebook page.

As with other tragic events, i.e. the crash of Malaysia Airlines Flight 370, the Boston marathon attack or recent terrorist attacks in Europe – these incidents become an opportunity for criminals to trick victims with social engineering techniques.

In the case of the Facebook scam in Czech Republic, the fake news on the alleged terrorist attack was easy to debunk as the location in the image clearly didn’t resemble Prague, or in fact any other major city in Europe.

Despite this, the scam spread quickly. “Facebook users often share stories without actually reading them,” explains Mr. Štefanko. “Scam campaigns, if designed to be emotionally appealing, fare surprisingly well because of our unfortunate behavior.”

Facebook has started to block the phishing Facebook pages used in this campaign and ESET security products block phishing webpages connected to this scam along with other domains registered by the same person.

Mr. Štefanko continues: “In the past weeks, there were 84 domains registered by the same person. Several of them have the Facebook phishing functionality, while others could be used in future for a larger scale attack.

“After learning that ESET, possibly along with other security vendors blocks the domains, they move the phishing websites to other newly established domains. It’s a never-ending cat-and-mouse game.

“Based on our research, we do suppose that the crooks behind this campaign are planning other phishing attacks. We urge Facebook users to pay attention to what they are about to like or share.”

To all those who think they might have been tricked into sharing their Facebook credentials, ESET security experts recommend that they change their passwords. And, of course, if you have been using the same password for multiple services, change the password wherever applicable – and put a stop to the extremely risky practice of password sharing.

Article by an editor for We Live Security

SingularityNET CEO discusses the future of AI
"In my view, AI will eliminate essentially all need for humans to do practical work."
Amazon puts a 'Ring' on smart home surveillance
Ring’s slick products and marketing have certainly helped it to become synonymous with security systems like video doorbells, security cameras, floodlights, and smart home security automation.
Hands-on review: Playing music with Sphero’s Specdrums
Sphero has released this year a new device calling it the ‘Specdrums’. Sphero as a company wanted to branch outside of making Star Wars droids and this gadget is what the company came up with. 
Google Assistant's clever ways to help smart homes go green
Pairing ENERGY STAR-certified smart bulbs with Google Assistant can help you control the lights with just your voice, or set lighting schedules to use electricity only when you need it.
Breakthrough research to revolutionise internet communication
Every email, cell phone call and website visit is encoded into data and sent around the world by laser light.
The world loves smart speakers - and China leads the way
People across the world love their smart speakers – and we have AI assistants like Amazon Alexa to thank for the revolution.
Hands-on review: The Fitbit Versa Lite
At first glance, the Versa and the Versa Lite look exactly the same. For someone who is not a Versa user, the two can be easily mistaken.
Farmers looking for data to help change bad habits
It is no secret that agriculture is a massive cause of environmental issues in NZ. Farmers say they are willing to change, if they get the right data.