eBay Gift Card Scam Casts Evil Eye

Facebook event announcing a $200 eBay gift card giveaway leads to a classic Profile Peekers trap

It’s black magic 2.0, I kid you not! Let’s see how the evil eye tradition fits in with the online socialite’s system of beliefs and expectations.

First off, the question of the gift card announcement. It dawns upon you, just like a mighty revelation. When you least expect it, up goes the post that tells you company X is giving away Y-value gift cards. It’s as natural as the Like button, as no company will theoretically refrain from using it as a social media incentive. So, what are you, the prospective beneficiary of this (not so) random act of generosity, supposed to do? Just say no?

Short of knowing somebody who knows somebody who can tell you that company X is actually running such a campaign on your social platform, you’ll just have to take the post at face value. The Oprah audience giveaways have spoilt us all, so who’s to say that there really is a good way of telling the good gift card from the bad one? (Okay, you can Google it… but there are so many variants of this baby out there that doubts will definitely not be cast away.)

Indeed, the gift card scam has a mesmerizing power, but… as we’re all, hopefully, armed with the seen-it-all, done-it-all incredulity of online social life, let’s try to dig (not too deep) and find the source of this power.

First stop: eBay promised land. Quick math: $200 x 10,000 attendees, that’s $2,000,000. Pretty impressive! (As agreed before, we won’t Google to check it, though, believe me, no company would miss the opportunity of bragging about such a stunt. “eBay to hand out 2 mil dollars Oprah style”… quite a headline.)

It’s an event, so why not check out who’s on the guest list and, more importantly, how many people are going to attend (you know, to see what chances you’ve got).

Awwwwwwwwwwwww. Second emotional touch kicks in: love is in the air. With Valentine’s hearts stuck to our retinas, we’ll be blind to the scam-like mechanism that we’re about to engage in:

a. Instead of Like this page (preferably blindly), you’ve got Join.

b. Invite 50 Friends? No worries, why not get them into such a “sure thing” as this.

c. SHARE… aaaaaaaaah. You’ve gotta give it to them. No one, and I mean no one, will refuse to spread the news about the giveaway before he/she actually gets something. Right?

And that’s where the magic ends. As you diligently click the link provided, you come face to face with the Wizard of Oz:

The Profile Peekers app, unimaginatively disguised as WhosStalking?. If you’re wondering what harm it might do, just take a look at its permissions:

…and at the mementos that it eventually leaves in your Timeline:

Now, that’s a magic offer you can refuse.

This article is based on the technical information provided courtesy of Tudor Florescu, BitDefender Online Threats Analyst.


About the author

Ioana Jelea

Ioana Jelea has a disturbing (according to friendly reports) penchant for the dirty tricks of online socialization and for the pathologically mesmerizing news trivia. From gory, though sometimes fake, death reports to nip slips and other such blush-inducing accidents, her repertoire is an ever-expanding manifesto against any Victorian-like frame of thought that puts a strain on online creativity. She would like to keep things simple, but she never does.