Free Apple iTunes Giftcard scam spreads on Facebook

July 5, 2011 by  
Filed under Security News

Facebook users are being tricked into helping scammers earn money, in the mistaken belief that they will receive a free $25 Apple iTunes Giftcard.


We have seen a number of Facebook users posting messages like the following onto their walls:

Apple iTunes Giftcard scam

Free $25 Apple iTunes Giftcard
Limited time left, get yours now!


Clicking on the link takes you to a webpage which urges you to “Share” the message with your Facebook friends before you can go any further.


Apple iTunes Giftcard scam


You should, of course, always treat such requests with suspicion – but that hasn’t stopped many people unwittingly help the scammers to spread their links far and wide across Facebook.


Apple iTunes Giftcard scam being shared


Perhaps you noticed that you still haven’t been given a free $25 Apple iTunes Giftcard at this point. Instead, the scammers would like you take a survey.


Apple iTunes Giftcard scam


Clearly they have no qualms about using Apple imagery to try to trick you into believing that the campaign is endorsed in some way by Apple itself.


This type of survey scam is all too familiar to regular readers of Naked Security. The scammers earn commission for every survey they trick people into completing – and your chances of ever receiving an iTunes Giftcard are close to zero.


Apple iTunes Giftcard scam


But it’s too late for your Facebook friends, as you have already shared the link with them – and so the scam spreads across the social network as users pass it on between eachother.


Of course, if you have fallen for the scam, it’s a good idea to remove all references to it from your Facebook page and warn your friends not to participate in it.


Apple iTunes Giftcard scam


If you use Facebook and want to get an early warning about the latest attacks, you should join the Sophos Facebook page where we have a thriving community of over 100,000 people.


By Graham Cluley @



WARNING – Facebook Dislike button spreads fast, but is a fake – watch out!

May 16, 2011 by  
Filed under Security News

Don’t be too quick to click on links claiming to “Enable Dislike Button” on Facebook, as a fast-spreading scam has caused problems for social networking users this weekend.


Messages claiming to offer the opposite to a like button have been appearing on many Facebook users’ walls:

Dislike button on Facebook

Facebook now has a dislike button! Click 'Enable Dislike Button' to turn on the new feature!


Like the “Preventing Spam / Verify my account” scam which went before it, the scammers have managed to waltz past Facebook‘s security to replace the standard “Share” option with a link labelled “Enable Dislike Button”.

The fact that the “Enable Dislike Button” link does not appear in the main part of the message, but lower down alongside “Link” and “Comment”, is likely to fool some users into believing that it is genuine.


Clicking on the link, however, will not only forward the fake message about the so-called “Fakebook Dislike button” to all of your online friends by posting it to your profile, but also run obfuscated Javascript on your computer.


The potential for malice should be obvious.


As we’ve explained before, there is no official dislike button provided by Facebook and there isn’t ever likely to be. But it remains something that many Facebook users would like, and so scammers have often used the offer of a “Dislike button” as bait for the unwary.


Here’s another example that is spreading, attempting to trick you into pasting JavaScript into your browser’s address bar, before leading you to a survey scam:

Offer of Dislike button leads you into posting script into your browser's address bar


If you use Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 80,000 people.

By Graham Cluley @

Warning: A New and Danger PayPal Phishing Scam Email

February 2, 2011 by  
Filed under Security News


I just received PayPal email and it said “Please Update Your Account”,  its not from PayPal its fake but the problem its duplicated  Frighteningly as PayPal site even when you open the link that included you will not doubt its fake, so see the video to know what I’m talking about.


Read more

New Fake Hotmail Phishing Scam On Action

January 29, 2011 by  
Filed under Security Channel

Rogue Facebook apps can now access your home address and mobile phone number

January 16, 2011 by  
Filed under Security News

In a move that could herald a new level of danger for Facebook users, third party application developers are now able to access your home address and mobile phone number.


Facebook has announced that developers of Facebook apps can now gather personal contact information from their users.


Request for permission to access home address and phone number

I realise that Facebook users will only be allowing apps to access this personal information if they “allow” the app to do so, but there are just too many attacks happening on a daily basis which trick users into doing precisely this.


Facebook is already plagued by rogue applications that post spam links to users’ walls, and point users to survey scams that earn them commission – and even sometimes trick users into handing over their cellphone numbers to sign them up for a premium rate service.


Now, shady app developers will find it easier than ever before to gather even more personal information from users.


You have to ask yourself – is Facebook putting the safety of its 500+ million users as a top priority with this move?


Wouldn’t it better if only app developers who had been approved by Facebook were allowed to gather this information? Or – should the information be necessary for the application – wouldn’t it be more acceptable for the app to request it from users, specifically, rather than automatically grabbing it?


It won’t be take for scammers to take advantage of this new facility.


My advice to you is simple: Remove your home address and mobile phone number from your Facebook profile now. While you’re at it, go through our step-by-step guide for how to make your Facebook profile more private.


By Graham Cluley @



Identical twins meet on ChatRoulette? Another Facebook survey scam

September 26, 2010 by  
Filed under Security News

Have you seen messages on Facebook like the following?

Facebook identical twins Chat Roulette message


OMG! Look what happens when identical TWINS meet on Chat Roulette!
OMG LOL!! Twins meet for first time ever ON CHAT ROULETTE!! rofl --->> <LINK>


OMG! Look what happens when identical TWINS meet on Chat Roulette!
Doubt they will be using Chat Roulette again
OMG LOL!! Twins meet for first time ever ON CHAT ROULETTE!! rofl --->> <LINK> <<<--- sooo funny ...

It is, of course, the latest attempt by scammers to earn a few bucks by tricking you into visiting the link.


You might be intrigued by the thought of identical twins happening across each other on ChatRoulette, but the page you are taken to is going to force you to “share” the content with your online friends before it will actually let you see anything.


Facebook identical twins Chat Roulette message


And even then, you’ll be nagged to take an online survey (earning the scammers some commission). My advice is that you shouldn’t make this type of scam worthwhile by agreeing to take the survey – often you’ll find that the content you want isn’t waiting for you at the end of the process anyway (and if the video content exists, chances are that it’s also on YouTube for free).


So, all you’re really doing is helping the scammers earn their ill-gotten gains, because your account has now publicised the link to others claiming that you’ve “LOL’d” even though you haven’t seen any actual video content at this point.


Account sending out messages about identical twins on Chat Roulette

It’s a seedy dirty trick – so don’t play into the scammers hands, and think more carefully before you next “like” or “share” a suspicious link on Facebook.



Read More


Want to see who has viewed your Facebook profile? Take care..

July 26, 2010 by  
Filed under Security News

I’m increasingly being asked by folks on Facebook if it’s possible to tell who has been viewing their Facebook profile. A number have been attracted to webpages and Facebook applications that claim to be able to give you a secret insight into who is spying on your profile.


Well, if you’re one of those people who are curious about who might be watching you online, take care.


Right now we’re seeing a significant number of Facebook users posting messages such as:

OMG OMG OMG... I can't believe this actually works! Now you really can see who views your profile!!! WOAH


See who views your Facebook profile in real-time!!!

See who views your profile


However, like the “Justin Bieber cell phone number” scam and the “This mother went to jail for taking this pic of her son!” scam, the links pointed to in your friends’ status updates are not to be trusted.


If you make the mistake of clicking on the link to one of these pages offering to tell you who is viewing your Facebook profile, you will find that the people behind the “services” want you to do a few things first.


See who has viewed your profile scam page

For instance, they’ll ask you to “Like” their pages (which means you are spreading the link to friends in your social network), and they will ask you to advertise their site by posting an “OMG” message (with a link) to at least five different places on Facebook.


After all that hard work you would hope that they would give you access to the powerful Profile Spy app wouldn’t you? But I’m afraid your luck is out.


They’ll next ask you to hand over your personal information by taking numerous surveys – before ultimately trying to trick you into handing over your cellphone number which they’ll sign up to an expensive premium rate service.


See who has viewed your profile scam page


Remember, this scam doesn’t work as the result of clickjacking, or a vulnerability on Facebook. The scammers are achieving their ends because of human gullibility – pure and simple. If people considered what they were doing and thought twice about the possible consequences then we would see nothing like as many of these attacks occurring, and our news feeds on Facebook would see less spam.



Read More…


The ‘Never gonna drink Coca Cola again’ Facebook scam [WARNING]

July 15, 2010 by  
Filed under Security News

If one of your friends said they were never going to drink Coca Cola again after watching a horrific video, would you be tempted to watch the video?


Judging by the number of Facebook users who have posted status updates claiming they are never going to drink Coca Cola again, it seems plenty found it an invitation impossible to resist.


Never gonna drink Coca Cola again

A typical message reads:

<name> I am part of the 98.0% of people that are NEVER gonna drink Coca Cola again after this HORRIFIC video --> http://www.[removed]

Find out the TRUTH about Coke!!!


If you do click on the link you will find yourself on a website saying that “9/10 People said they WOULDNT drink Coca Cola After seeing this video!!!” above a thumnail of a video which says that “Coca Cola can’t hide its crimes”.


Horrific video?


Perhaps surprisingly, this webpage isn’t exploiting the now familiar clickjacking technique to falsely claim that the Facebook user “Like”s the page without the user’s permission. Instead, they say you can’t watch the “horrific video” until you’ve shared the link on Facebook by hand seven times.


You haven't done enough of the scammers work for them

Scammers want you to repost the message seven times

The page claims to poll whether you have shared the link enough (in order to allow the video to be viewed). But when you realise you’re not making any progress – despite your valiant attempts to recommend the link to all and sundry – you might hit the link which says:


>>>Cant Be Botherd To Wait? --> Click Here To Skip This<<<



Read More…


‘More followers’ spam hits Twitter accounts

May 10, 2010 by  
Filed under Security News

Thousands of Twitter users are finding that their accounts have been compromised, and are posting messages advertising a website which claims to help users attract more followers.


A typical message reads:

CHECK out this site, im a member of it, It gets you more followers:[removed]

Tweets promoting the website

Clicking on one of these links takes you to the Twtfaster website, which asks you to enter your Twitter username and password.

Twtfaster website

Of course, regular readers of the Clu-blog know that it’s never a good idea to hand over your login credentials to a third party, and that’s the case with this site too. Curiously, when I entered bogus information on the above screen it didn’t display an error message – suggesting that it might be created simply to scoop up users’ login details. Hmm.. that smells worryingly like a phishing attack to me.


Further investigation finds some small print on the Twtfaster website that suggests that they plan to use your account to advertise their service – but I wonder how many people would read that before eagerly signing up for more followers?


One piece of good news is that TinyURL appears to be currently blocking links used in the campaign, but of course that’s not going to stop the people behind this latest outbreak from using alternative URL shortening services.

TinyURL blocking the link

So, if you’ve found out that your Twitter account has been sending messages advertising how to get more followers, I would recommend that you change your password immediately. And next time a third-party website asks you to hand over your username and password for Twitter, steer well clear.


It is possible that the accounts that are spamming out the adverts for Twtfaster have not signed-up for the site themselves, but have been compromised in some other way. Even so, that’s still a good reason to change your Twitter password. If you need help choosing a memorable, hard-to-crack password you should watch the video I made on the subject.


As I’ve discussed before, you should always exercise extreme caution before signing-up for a service which offers to increase your Twitter following.


Unfortunately, as the popularity of Twitter grows and the desire for more followers deepens we can expect more and more users to fall for scams like this.



by Graham Cluley, Sophos

Farm Town virus warning: Malvertising at work?

April 13, 2010 by  
Filed under Security News

Players of the online game Farm Town are being warned to be on their guard for malicious adverts that display fake security warnings in an attempt to dupe unsuspecting users into installing malicious code or handing over their credit card details.


SlashKey, the developers of the game which has over 9.6 million monthly active users on Facebook, has posted a warning on its forum advising players to be wary of warnings that suddenly pop-up telling them that their computer is infected:

If you suddenly get a warning that your computer is infected with viruses and you MUST run this scan now, DO NOT CLICK ON THE LINK, CLOSE THE WINDOW IMMEDIATELY. You should then run a full scan with your antivirus program to ensure that any stray parts of this malware are caught and quarantined.

If you do research on many of these spyware programs you will also find a myriad of sites proclaiming they are the only ones who can rid you of these programs. This is not true and on a personal level I urge you to use great caution as some of these so called wonder cures are as much of a scam as the malware you are trying to remove.


Hundreds of Farm Town players have responded on the forum, saying that they have been on the receiving end of the attack – but the worry is that many many more users may not have seen the warning and could have been tricked by the fake anti-virus warnings into infecting their computers or handing over personal information.

Farm Town virus warning

It appears that the problem is related to the third-party advertising that Farm Town displays underneath its playing window. In all likelihood, hackers have managed to poison some of the adverts that are being served to Farm Town by the outside advert provider.


Such malicious advertising (or malvertising as it is known) has been the vector for other infections in the past, including attacks against the readers of the New York Times and Gizmodo.


What makes this attack all the more serious, of course, is the sheer number of people that regularly play Farm Town, and that – in all likelihood – they might not be as tech-savvy as the typical Gizmodo reader, and thus more vulnerable to falling for the hackers’ scam.


Farm Town gameplay

Rather than SlashKey simply asking its players to report offending adverts when they appear, it might be sensible for the company to disable third-party adverts appearing alongside Farm Town until the problem is fixed.


It may not be Farm Town’s fault that a third-party advertising network is serving up malicious ads, but doing anything less is surely showing a careless disregard for the safety of its players.


Until the makers of Farm Town resolve the problem of malicious adverts, my advice to its fans would be to stop playing the game and ensure that their computer is properly defended with up-to-date security software. If you do feel you have to play Farm Town then it might be wise to disable adverts in your browser (for instance, using an add-on such as Adblock Plus on Firefox).


By the way, if you are on Facebook and want to keep yourself informed about the latest security news you may want to become a Fan of Sophos on Facebook.



By Graham Cluley, Sophos




Next Page »