From likejacking to photo-tagging, Facebook scammers are constantly searching for new ways to get their scam campaigns to spread through the social network. Early this weekend, we observed a new type of scam, this one leveraging Facebook’s new social plugin for websites that allow for comments. This is being exploited by scammers to get their rogue websites visible on users’ news feeds, because for a scammer, the more eyeballs that see these posts the better.
Familiar Justin Bieber scam returns in a new form
There are various flavors of the scam making the rounds. However, the newest one to make the rounds focuses on a familiar Apple product: the iPhone. With rumors circulating about the iPhone 5, loyal Apple followers are drawn to the various news articles that cover these stories. So, it’s no surprise that scammers have decided to piggyback on this for their latest scam.
iPhone 5 Scam spreading on Facebook
The scam begins with someone in your social network “commenting” on a post like the one above. The report claims to be from Wired News and has one of those headlines that is used to lure a user into clicking on the link.
iPhone 5 – Scam Page
Once a user clicks on the link, they are redirected to a random .info site. There have been over 10 of these in circulation for this particular scam. Before the user can click on anything, they are asked to answer a CAPTCHA-like verification form:
Human Verification overlay for Facebook Comments
This effectively tricks the user into inputing the number 5, which actually results in the user leaving a comment for the .info website through the use of the Facebook social-plugin layer for comments. This is why users will see that ‘John Doe’ commented on randomsite.info on their Facebook News Feed.
iPhone 5 Scam Page: Download the ‘Exposure’ Video
Unlike most Facebook scams of late, at the end of this rainbow, there is no survey scam. Instead, the users are prompted to download an executable file.
Installer for ‘videogameboxinstaller.exe’
The executable file is videogameboxinstaller.exe and it is dubious in nature, as it downloads other pieces of software. “AnyLike” claims to allow users to “like” any and everything on the web.
AnyLike Browser Application Installation
“PageRage” allows users to add style to their Facebook pages:
PageRage – Be sure to read the terms!
PageRage notes in its terms above that it will display ads to the end user. Sounds like Adware? Four antivirus vendors agree, flagging this as Adware.Yontoo. This also seems to indicate that there is some affiliate program involved. And sure enough there is:
Details on how to become an affiliate for PageRage
At the heart of all these Facebook scams lies the same principal: a way for the scammers to make money by tricking users. Survey scams have been working quite well, so it makes sense that scammers would begin focusing their efforts with pay-per-install affiliate programs.
There are other Facebook comment scams (dubbed “comment-jacking”) that are making the rounds, including one regarding Free Airline tickets aboard Southwest Airlines.
Southwest Airlines Comment-Jacking Scam
As we have advocated for many other Facebook scams, the key here is to be aware that scammers will do whatever it takes to make a fast buck on the backs of social networking users. That’s why they tend to jump on topics that might appeal to a user (Apple iPhone 5, Free Airline tickets, etc.).
If it looks too good to be true, there’s a very good chance that it is. Look out for the people who are apart of your personal social network: friends and family members. Let them know about scams like these, because awareness remains a big piece of the puzzle.
Note: At the time this blog was published, over 100,000 visits have been logged to the various links in circulation:
Over 100,000 Visits to the various scam pages
