Phishing

Firefox Extension Used in Facebook Scam

Published: March 23, 2011 Reading time: 3 min

Symantec Connect: Not only Facebook is adding new and interesting features to its toolbox; spammers and scammers in Facebook are, too. Currently there is a scam making rounds using a classic “who is viewing your profile” themed bait. So far – nothing new. After the user grants the application the requested privileges, which of course will send out the above mentioned spam posts to all his or her friends, the user gets redirected to a download instruction site. There he or she is asked to download the Firefox browser and then install a popular Firefox extension which allegedly gets downloaded over 27,000 times per week. This simple tweak should generate a new menu entry in Facebook which would then show user statistics. ...

Continue Reading

Don’t Lie to Me, Angelina!

Published: December 15, 2010 Reading time: 2 min

Earlier this year I received a Facebook invite in my Yahoo! Mail account from none other than Angelina Jolie herself. I kid you not. While it’s true that we live in the Digital Age where communicating with anyone is a mere tap of a finger away—whether it’s via email, IM, Facebook, Twitter, etc.—the chances that Ms. Jolie would randomly reach out to a regular Joe, such as myself, is still pretty darn improbable. So, the following questions raced through my mind: ...

Continue Reading

Taking a look at fake Amazon receipt generators

Published: December 7, 2010 Reading time: 3 min

Sunbelt Blog: Above, you can see a vaguely optimistic VirusTotal user summary in relation to a file that’s been doing the rounds for about a month or two. Here is the file in question: A “receipt generator”, I hear you ask – what do people want with one of those? The answer, of course, is rather straightforward: This is a particularly interesting scam, as it doesn’t target regular PC users – it targets the people who sell you things, such as the merchants on the Amazon marketplace. This is what the would-be social engineer sees when they fire up the program: ...

Continue Reading

Adobe update spam scam

Published: December 6, 2010 Reading time: 2 min

Here’s the latest twist in the “membership” site scam: spam emails that tell potential victims to update their Adobe Reader include links to a web site intended to look like something related to Adobe products, but is selling “memberships.” The REAL way to update your Adobe software is on the help menu: help | check for updates (see the end of this blog piece for details). The spam email: ...

Continue Reading

Proxy services take novel approach to privacy

Published: December 6, 2010 Reading time: 1 min

You’ve locked down your computer. Nothing is going to bypass your privacy shielding programs. AdBlock is fully loaded, NoScript is ready to roll and RefControl is sending “Party on, Wayne” as your custom referrer to all and sundry. However, you really want to hide your IP address too and decide to load up one of the many web-based proxy services available. Something humorous I’ve noticed across many web-based proxies recently is that they’re jumping on a marketing strategy that might be slightly at odds with their attempts at privacy for the end-user. In order to keep your private details private, you have to _fill in a survey and hand over a bunch of information to third party marketers. _ Type in a URL, hit the “Go” button on the proxy and you’ll see one of these: ...

Continue Reading

This isn't a video, it's a phish

Published: December 6, 2010 Reading time: 1 min

You might be seeing something on your Facebook wall today: Sadly, it’s not a fun video. It’s just a phish. The link goes to apps. facebook.com/ lookatuhah, which then redirects to a phishing site: In other words, if you’re absent-minded enough to enter your credentials again, they will be used to then send more of these stupid fake videos posts to others — or do any of a number of other rather nefarious things.

Continue Reading

Can you really see who viewed your Facebook profile? Rogue application spreads virally

Published: November 28, 2010 Reading time: 3 min

SophosLab: Once again, a rogue application is spreading virally between Facebook users pretending to offer you a way of seeing who has viewed your profile. As we’ve described a couple of times before, plenty of Facebook users would *love* to know who has been checking them out online.. but unfortunately scammers are aware of this, and use the lure of such functionality as a way to trick you into making bad decisions. ...

Continue Reading

Beware the Justin Bieber erection Facebook scam

Published: November 24, 2010 Reading time: 3 min

That’s possibly the most unlikely headline I’ve ever had to write in my computer security career, but never mind.. My guess is that regular readers of the Naked Security site might not be ardent fans of Justin Bieber – but chances are that some of you have young daughters or nieces who can’t get enough of the pint-sized pop hamster. If that’s the case then they might be intrigued by a message that is spreading virally across the Facebook social network claiming to be footage of… and how can I put this delicately? I don’t think I can.. Justin Bieber with an erection. ...

Continue Reading

Facebook brand pages hit by malicious links

Published: November 10, 2010 Reading time: 2 min

CNet: The latest security fiasco on Facebook’s application platform may involve business pages rather than personal accounts: Sendible, a company that makes software for businesses to manage accounts and presences on various social-media services, looked like it was hit by a virus or hacker on Tuesday afternoon: TechCrunch pointed out that Sendible-managed brand pages on Facebook appeared to be posting malicious links. Now Sendible’s claiming it wasn’t their fault. “Just to clarify, Sendible was not hacked,” the company posted to its Twitter account. “One of our users has discovered a major flaw in Facebook’s security.” Sendible’s Twitter account then quoted the user in question, who said, “i wanted to post only on a few Facebook walls as a fan – and for some reason, posted as the page Owner. weird,” and Sendible added “This appears to be a bug in Facebook’s API as the posts should have been displayed as the user profile and not the page owner.” ...

Continue Reading