Scammers don’t waste any time as they always come up with new ways to avoid the Facebook security measures. As I am writing this post, a new type of scam is making its rounds on social networks, using an original propagation method.
The scam takes advantage of the Facebook option that allows users to post their content by e-mail. The scam bait does not appear to be special as it simply promises a free Facebook Mug.
After clicking the link, the user is taken to a page that requires him/her to hit a couple of Likes, a step this sample shares with other Facebook threats.
As you can see, the page tries to imitate the Facebook style in order to gain users’ confidence. After clicking the required Likes and the Continue button, the user is surprisingly taken to a page that provides details about the nonexistent Facebook Mug.
While the latest Facebook scam waves have chosen the shorter “install add-on” approach, this kind of threat generally requires that the user go through at least one more step before they get to the core scam action. I believe that in this case all of the other intermediary steps are skipped because the scam authors want to avoid raising suspicion and because they probably assume that providing details about the item makes it seem more real to the user.
Next comes the most interesting part of the scam: a step-by-step guide to obtaining the e-mail address that Facebook provides to each user for e-mail posting purposes.
Following the information on this page, I obtained my Facebook e-mail address or ID, which I was then prompted to enter on the scam page.
Providing this piece of information to scammers is a big mistake as they would then be able to post anything on your Facebook Wall. Even if it does not provide direct access to an account, in some ways, having this e-mail address is better than having your Facebook password. Here’s why:
1. Facebook has set up GeoIP security measures intended to block scammers from logging into hijacked accounts. Even if the hijacked account is not blocked, the account owner will at least receive an e-mail from Facebook warning him/her about the suspicious activity, which might prompt him/her to stop the hack.
2. Posting by e-mail does not prompt any warning from Facebook. Users might not notice the scam posts on their Walls until they visit their own Facebook profiles.
3. Scammers can easily post on Facebook in users’ names by sending in e-mails. Automatic posting by means of software or a script from within a browser is much more complicated.
4. The same scam can be distributed to a vast number of users, just like spam.
The fact that the scam eventually reaches the fake survey step won’t matter much after all this.
A significant wave of scams posted through stolen e-mail addresses is sure to prompt additional security measures from Facebook, but how many users will have already been affected by then?
This is really a nice site. I liked it. I also liked your writing.
I always prefer to read the quality content and this thing I found in your post. Just some of the best improv, stand-up, and theater actors in town.
A perfect info source. Thanks for taking the time to discuss this, I feel strongly about it and love learning more on this topic.
You have done a great job to create this type of blog site. I am really impressed by your ideas and views about this particular topic.
You seem to have a bit of comment spam going on here!
I laughed at the image of the promotional Facebook mug, the materials description as “bone China”, No, I don’t think so, not for a mug! I wonder how they came up with that. They also mixed English and metric measurements and had lots of grammar and kerning errors. If scammers ever learn how to get the little details correct, they will be unstoppable, I am afraid. Those small errors and inconsistencies are what I use as red flags… while I still can.