
No comment? Try again!

iPhone flavored Facebook scam finds a new way of impersonating users and of hijacking their comments.

What’s your News Feed there for if not to deliver THE news? Despite its being a classic trick (for most of us), any i[insert device name]-related info still reigns in the top social baits. In the case at hand, the star is (supposedly) the NEW iPhone 5. It’s a simple, yet effective scenario.

The (more or less) avid gadget addict inside you will immediately start kicking and screaming: gotta click, gotta click! His/her tiny voice will grow stronger, its echo amplified by the fact that one of your friends clearly clicked the link and EVEN added a comment (gooooooood must really mean good, don’t you think?). So why not go ahead?

If you take your chances, you’ll end up on a page which cleverly boasts an iPhone 5-themed background, and which puts YOU to the test before you actually witness the promised revelation. A simple question – Are you human? – with numerous philosophical implications and even more safety-related ones. Experience (at least the bits and pieces that the Crème de la Social Scam series has managed to put together, here, for instance) has hopefully taught us all that any human verification test should set off our scam alarm.

Let’s just say that this time you’re swept off your feet by the minimalist approach the designer of this page has chosen and, warmheartedly (after seeing the nice little robot in the top right corner being banned from the happy crowd that WILL witness the new iPhone 5 miracle) click again (right there, on the red sign, mind you!).

What happens next? More of that lovely minimalism works its charm as you are invited (no instructions, this must really be a new trend!!!) to type in the displayed word.

“Awww, come on, what harm can it do?” Just wait and you’ll see. The fake Click button hides a Comment button that will send your verification word onto your wall, disguised as a comment in which you express your admiration for what you’ve just supposedly seen.

And on goes the human verification game. Besides the obvious annoyance of having to explain to your friends the trick they’ll think you have just played on them, there’s the danger of the respective page being later on used to spread malicious content. In other words, if you don’t delete the post, the next friend who sees it and clicks might end up on a phishing page or even on a page advertising various downloadable tools that will get his/her computer into trouble. Once the scammers have secured their audience, the sky’s the limit to the extent of the damage the malicious content can do.

“The interesting thing that we’ve noticed in this case is a sort of delayed explosion strategy. This scam has been somehow lying dormant for a couple of weeks and it’s now in full bloom. Seems like social scammers are carefully testing the virality of a method before releasing it in the wild”, commented George Petre, BitDefender Threat Intelligence Team Leader.

BitDefender Safego users are protected against this scam.

Safe sharing!

This article is based on the technical information provided courtesy of George Petre, BitDefender Threat Intelligence Team Leader.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author

Ioana Jelea

Ioana Jelea has a disturbing (according to friendly reports) penchant for the dirty tricks of online socialization and for the pathologically mesmerizing news trivia. From gory, though sometimes fake, death reports to nip slips and other such blush-inducing accidents, her repertoire is an ever-expanding manifesto against any Victorian-like frame of thought that puts a strain on online creativity. She would like to keep things simple, but she never does.