Lately, you may have noticed that when you try to send messages through Facebook’s mobile app on your phone and tablet, you are prompted to download the standalone Facebook Messenger app. It’s a cool app which allows you to message your Facebook friends, send picture and video messages, and call any of your Facebook friends […]
The video is not real, scammers are enticing users to download software and fill out surveys.
Read more…
The video is not real, scammers are enticing users to download software and fill out surveys.
Read more…
Attackers have become more aggressive and are now using Facebook scams to lead to exploit kits so they can control a user’s system.
Security and privacy on Social Media is a big topic at AVAST. While our antivirus products protect your various devices from malware infection spread on social channels, your privacy is still exposed to the public. Not anymore! It’s been a while, since we acquired Secure. me and it’s a superb product. Our team worked hard to […]
Security matters to everyone, however security of our children is our top priority. We make sure that they are safe at school, home, and on the streets. Equally we need to provide them with a safe experience in the cyberworld. Recently, we published a blog about general online security of the children, which suggested that […]
Late last week, Facebook users in India were tricked by scammers who were claiming to offer a tool that could hack Facebook in order to obtain passwords belonging to the users’ friends. Unfortunately for these users, they actually ended up hacking their own accounts for the scammers and exposed their friends in the process.
Figure 1. Scam promoting how to hack your Facebook friends
Want to hack your friends?
A post began circulating on Facebook from a particular page featuring a video with instructions on “Facebook Hacking” with a disclaimer stating that it was for education purposes only. The post links to a document hosted on Google Drive that contains some code that, according to the scam, will allow users to reveal their friends’ Facebook passwords. The instructions attempt to convince the user to paste the code into their browser console window and asks them to wait two hours before the hack will supposedly work.
You just hacked yourself
Figure 2. Facebook account hijacked to follow and like various pages
What really happens when you paste this code into your browser console window is that a series of actions are performed using your Facebook account without your knowledge. Behind the scenes, your account is used to follow lists and users, and give likes to pages in order to inflate the follower and like counts defined by the scammers.
Figure 3. What does the Fox say? I have over 56,000 likes!
Your account is also used to tag the names of all your friends in the comment section of the original post. This is done to help the scam spread further, playing off the curiosity of your friends, who may visit the post to find out more and hopefully follow the instructions as well.
Figure 4. User’s compromised account tags friends in the original scam post
What is this type of scam called?
This scam is a variation of a method known as self-XSS (self cross-site scripting), where a user is tricked into copying and pasting code into their browser’s console that will perform various actions on their behalf.
Facebook is trying to discourage users from unwittingly causing harm to their accounts through this method. Some users that attempt to paste code may receive a warning from within their browser’s developer console that points to the following link:
https://www.facebook.com/selfxss
Is this type of scam new?
This type of scam originally began circulating back in 2011. This current iteration has been around since at least the beginning of 2014.
The original scammers behind this iteration had great success with the scam at the beginning of this year, netting between 50,000 to 100,000 likes and followers on a number of pages and profiles. Some of the variable names in the code (mesaj and arkadaslar) suggest the authors are of Turkish descent.
Why is this affecting users in India?
For this campaign, the individuals responsible are based in India. They have modified the original authors’ code by simply adding their own pages and profiles into the script to increase their follower and like counts.
What to do if you have fallen for this scam
If your account has liked and followed a number of pages and profiles without your consent, you should review your activity log. From your activity log, you can locate, unlike and unfollow the pages and profiles associated with this scam. You should also consider posting a status update notifying your friends about the scam to make sure they don’t fall for the same trick.
The opposite of ethical hacking
Figure 5. Scammers label their efforts as “ethical hacking”
While investigating this scam, we found that the individuals behind it were publicly discussing their efforts. Speaking in Punjabi, one of the individuals summed it up by saying, “Now this is the way ethical hacking is happening.” However, these efforts couldn’t be further from the concept of ethical hacking.
A lesson learned
Always remember that if it sounds too good to be true, it is. Being able to hack someone’s Facebook password by just pasting some code into your browser sounds way too easy and should signal that this is a scam. At the end of the day, your account would be impacted and the safety of your account could be at risk. It’s best to err on the side of caution and think twice before following instructions that ask you to paste code into your browser to hack passwords or unlock features on a website.
Last year, Facebook had the dubious honor of containing more spam than other social networks. In order to combat this scourge, Facebook recently announced a series of improvements to the News Feed to help ensure that spammy content does not drown out the posts that people really want to see from friends and Pages they […]
政治家がフィッシングサイトで利用される例は後を絶ちませんが、インドの総選挙が始まったことを受け、フィッシング詐欺師は地元の政治家やその政党を餌にインドのユーザーを狙い始めています。
シマンテックは最近、Facebook の表示を偽装するフィッシングサイトを確認しており、なかには元ニューデリー州首相でありアーム・アードミ党の党首であるアルビンド・ケジリワル(Arvind Kejariwal)氏も含まれています。フィッシングサイトのホストサーバーは、米国ミシガン州のランシングに置かれていました。
図 1. フィッシングサイトに掲載されている偽の「いいね」ボタンとアルビンド・ケジリワル氏の写真
上の画像でもわかるとおり、フィッシングサイトには「Unite With Us Against Corruption(団結して政治の腐敗と戦おう)」というタイトルが付けられ、アーム・アードミ党のポスターと、Facebook の偽の「いいね」ボタンが使われています。サイトの背景画像は同党の党首アルビンド・ケジリワル氏の写真で、氏が先日 Twitter に投稿した「Political revolution in India has begun.(インドの政治革命が始まった。)Bharat jaldi badlega」というモットーも書かれています。最後の言葉は「もうすぐインドは変わる」という意味です。
この「いいね」ボタンをクリックすると、アーム・アードミ党のページに「いいね」を付けるために、Facebook のログイン情報を入力するよう求められます。
図 2. アーム・アードミ党のページに「いいね」を付けるために Facebook のログイン情報を入力するよう求められる
このフィッシングページで使われているログインの指示には、紛らわしい部分もあります。アーム・アードミ党の名前を出すかわりに、Facebook のユーザー情報でログインし、可愛い女の子の写真に「いいね」を付けるよう求めてくるのです。これと同じように女の子の写真を使うフィッシングサイトは、以前にも登場したことがあります。フィッシング詐欺師が同じテンプレートを使って別のアプリケーションをホストするのはよくあることですが、どうやら今回は、可愛い女の子の写真についての説明を変更し忘れたようです。ユーザーがログイン情報を入力すると、フィッシングサイトから確認ページにリダイレクトされます。確認ページでは、もう一度「いいね」ボタンをクリックするよう求められます。
図 3. 確認ページに表示されるログイン確認メッセージと「いいね」ボタン
確認ページには、前のログインページで入力した電子メールアドレスが表示されます。「いいね」ボタンの横には、アーム・アードミ党がこれまでに獲得した「いいね」の件数も表示されますが、これは偽の数字です。ボタンもダミーであり、何の機能も果たしていません。この手口に乗って個人情報を入力したユーザーは、個人情報を盗まれ、なりすまし犯罪に使われてしまいます。
インターネットを利用する際には、フィッシング攻撃を防ぐためにできる限りの対策を講じることを推奨します。
* 日本語版セキュリティレスポンスブログの RSS フィードを購読するには、http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja にアクセスしてください。
Politicians are frequently featured on phishing sites and in light of the ongoing general election in India, phishers are starting to target Indian users by using a local politician and his party as bait.
Symantec recently observed a phishing site which spoofs Facebook’s appearance and includes Arvind Kejariwal, the former chief minister of New Delhi and leader of the Aam Aadmi Party. The phishing site was hosted on servers based in Lansing, Michigan in the US.
Figure 1. A fake Facebook “like” button and a picture of Arvind Kejariwal on the phishing site
As seen in the previous image, the phishing site, titled “Unite With Us Against Corruption”, uses a poster of the Aam Aadmi Party along with a fake Facebook “like” button. The site’s background image is a picture of the party’s leader Arvind Kejariwal and his latest Twitter tagline, which states that “Political revolution in India has begun. Bharat jaldi badlega.” The second sentence translates to “India will soon change”.
After clicking on the “like” button, users are prompted to input their Facebook login credentials so that they can “like” the Aam Aadmi party page.
Figure 2. Users are asked to input their Facebook login data to “like” the Aam Aadmi party page
The phishers also used a misleading login prompt in the phishing page. Instead of mentioning the Aam Aadmi Party, the page tells users to log in with their Facebook details to like cute baby pictures. Symantec has already seen a similar phishing site which used a picture of a young girl. Phishers frequently use the same template to host different applications but this time, they forgot to change the reference to cute baby pictures. After the user enters their login credentials, the phishing site redirects the user to an acknowledgment page. The Web page then asks the user to click another “like” button.
Figure 3. A login confirmation and the “like” button on the acknowledgement page
The email address entered in the previous login page is now displayed on the acknowledgement page. The “like” button is placed beside a fake number that claims to show the amount of likes the party has already gained. However, the button is just a dummy and does not perform any functions. If users fell victim to the phishing site by entering their personal data, phishers would have successfully stolen their confidential information for identity theft purposes.
Symantec advises Internet users to follow these best practices to avoid becoming victims of phishing attacks.