Aug5 |
4:16 pm (UTC-7) | by
Paul Pajares (Fraud Analyst) |
We recently analyzed a Facebook spam that supposedly came from media organization, British Broadcasting Corporation (BBC). This reminded us of how cybercriminals used social networking site, LinkedIn, early last month.
The attack starts with a wall post with the subject, BREAKING: Lady Gaga Found Dead in Hotel Room, and a link to the legitimate site, www.bbc.co.uk, as well as a description that says, “This is the most awful day in the US history.”
 |
This lured users with a video that was supposedly hosted on BBC’s site. Clicking the link in this wall post, however, actually redirected users to a malicious site.
 |
This site contains URLs, buttons, and images that replicate the legitimate BBC site. In reality, however, the page only contains a large image with the Play button being the only clickable element. Users who were curious enough to check out the video were prompted to complete a survey before they could play the video. While this is happening, their respective accounts were being set to Like the wall above-mentioned wall post.
 |
 |
Clicking the You won! button leads to ad sites that allow attackers to earn money from every user visit.
During our analysis, we also noted that this Facebook spam does not display a warning message for the site redirection, thus bypassing the site’s SSL/HTTPS feature even if it is enabled.
Such Facebook attacks that use news items featuring celebrities, pop icons, and significant world events are something that we have seen before. Just recently, we noted a similar Facebook ruse, which used the recent demise of singer Amy Winehouse and required users to answer a survey and to disclose their mobile phone numbers.
Users are advised to continuously be wary of such threats and avoid clicking links to such scams on Facebook. Trend Micro protects product users from this attack via the Smart Protection Network™ by blocking all related URLs.
As cybercriminals persistently look for ways to use Facebook and other social networking sites for their malicious schemes, social media users can protect themselves by checking out our report, “Spam, Scams, and Other Social Media Threats.”
Needless to say, Lady Gaga is still alive.
Share this article |
 |
        |
17 Responses to “Facebook Scam Leverages Lady Gaga’s “Death,” Bypasses HTTPS”
Trackbacks
- TrendLabs (TrendLabs)
- ChadChoron (Chad Choron)
- Warning out vs ‘Lady Gaga is Dead’ Facebook scam – GMANews.TV
- Warning out vs ‘Lady Gaga is Dead’ Facebook scam | HollywoodDaily.us
- sps_it (SPS IT GmbH)
- 2020plus1 (Alan Potts)
- TrendMicro Malware Blog August 8, 2011
- Facebook Scam Leverages Lady Gaga Death, bypasses HTTPS | Malware Blog | Trend Micro
- Hurricane Irene Scam Hits Facebook | Malware Blog | Trend Micro
- Trend Micro Asia Pacific News Library - The Geography of Social Media Threats [INFOGRAPHIC]
- Una estafa basada en el huracán Irene se propaga por Facebook » blog.trendmicro.es
August 7th, 2011 at 5:50 pm
Damn they are getting clever aren’t they, thanks for the heads up.
August 8th, 2011 at 12:34 pm
Very popular method that hackers use – something that people just can’t resist clicking on!!! Sneaky ******s!!! At least it’s been flagged up.
August 11th, 2011 at 10:46 pm
I’m still waiting for Facebook to take action against these types of scams, they have been circulating on this social network way to long now. I bet these scams have resulted in people leaving Facebook.
This is spam emails, on another level.
August 17th, 2011 at 8:20 pm
Facebook Should take serious actions against these kinds of Rumors and should ban those ips which are rapidly found in these kinds of activities.
Hope for the better.
August 21st, 2011 at 6:33 pm
Man, people will do anything to get people to click on things, I think some of those facebook scams are appalling. It’s especially terrible to make people think someone has died when they have not! Thanks for sharing this info though, I appreciate it!
September 5th, 2011 at 11:31 am
“This is the most awful day in the US history.”
They even have a sense of humor as well.