E-Threats Social Networks

Fresh Foursquare “Friend Request” Spam Leads to Viagra Fraud

Social network named Foursquare, which has just celebrated its 2-year anniversary with a user base of 20 million, has apparently come of age in the scam world as well.

How is it to order some Viagra, send money and never receive the products? Scammers have honed this trick elsewhere, but now pharmacy fraud has found its way to the location-based social networking platform. This is one of the first scams spotted by Bitdefender on Foursquare.

Foursquare users are being lured with an e-mail that looks like it’s from an imaginary Foursquare friend (with various names) who has just approved a friend request. If they click on the link to view the friend’s profile, users are brought to a page that looks like a legit Canadian pharmacy selling drugs without prescription.

According to the Bitdefender analysis, users who try to buy products such as Viagra or Human Growth Hormones are tricked into sending money, but never receive the goodies. Sometimes, even if they get the order, the products are far from the promised high quality, including fake medication that does nothing other than bank on the famous placebo effect.

Moreover, such bogus web stores use insecure pages for credit card transactions that could also lead to phishing. Similar spam campaigns have already made waves on other online services, including Facebook, LinkedIn, Twitter, and YouTube.

Ironically, the drug store says it operates a strict anti-spam policy.

“We do not tolerate unsolicited advertising messages,” the web store reads. “We will actively pursue anyone engaging in spamming activities! This includes email, icq, instant messengers, chat rooms, message boards, newsgroups or anywhere else where commercial postings are prohibited.”

Other scams that exploit Foursquare these days are in Russian. They purportedly come from the mobile social network, but redirect users to commercial websites trying to sell professional kitchen equipment or fire protection kits.

An interesting Russian spam allegedly comes from a web hosting and marketing company that may help users have 500 million product emails sent every day. Though these websites are now relatively harmless, they may be injected with malware after they spread on a larger scale. If you receive such bogus Foursquare notification emails, do not click on the links.

Foursquare users “check in” at venues using a mobile website, text messaging or a device-specific app by selecting from a list of venues the application locates nearby. Because of this feature, privacy issues started to surface more frequently. This prompted Foursquare to change the application programming interface. The company released it on May 8, saying it responded to the growing number of “stalker” apps that made users’ locations available to the public.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

This article is based on the technical information provided courtesy of Ionut Raileanu, Bitdefender Spam Analyst, and Alin Damian, Bitdefender Online Threats Analyst.

About the author

Bianca STANESCU

Bianca Stanescu, the fiercest warrior princess in the Bitdefender news palace, is a down-to-earth journalist, who's always on to a cybertrendy story. She's the industry news guru, who'll always keep a close eye on the AV movers and shakers and report their deeds from a fresh new perspective. Proud mother of one, she covers parental control topics, with a view to valiantly cutting a safe path for children through the Internet thicket. She likes to let words and facts speak for themselves.