Our previous post about malicious links being spammed out on Facebook said that the links were phishing attempts. Well, turns out it’s also a spyware scam.
So the links we saw being sent around led to a fake Facebook log-in page:

Looks like a plain vanilla phishing attempt so far. However, further testing with a dummy account showed that something a bit more interesting is going on.
If you enter your account details into the supposed log-in page, you’re directed to this enticing notice:

Who doesn’t want a free iPad, right? If you then click on the ‘Claim Now’ buttons for any of the oh-so-lovely prizes, you then get taken to this site:

Still no prizes so far. If you click on the big shiny button on that page, you get this:

And if you do download that, you get a consolation prize of…spyware. And you just paid for it with your account details. Shortly afterwards, Facebook got back to us about some suspicious access activity in our dummy account:

No, that’s not where we are. Clicking the ‘I don’t recognize’ button led to a new password creation page, which we could use to recover the dummy account.
OK, so this scam is still not terribly new or original. We blogged about a roughly similar scam running around Twitter in August of last year.
Fortunately, the malicious links directing users to these sites are now inactive, and most of the related sites seem to be down. Our product also detects and removes the downloaded spyware.
Still, stay alert and stay safe.
- Post by Shantini
On 22/02/11 At 03:00 AM
Posted on 22 February 2011. Tags: Attempt, it's, Phishing, Scam
The above information is reprinted from and copyrighted © by F-Secure.
I’m writing because my Facebook has had the same thing. Now I have posts going to every one of my friends saying I won a free iPad. What do I do to get rid of this? I never made these posts and I don’t know why they are there. Please help me, thanks. I’m under araceli and joseph juvera