We recently found Twitter spam touting “gift cards” at the tail-end of the gift-giving season. In this run, Twitter users are lured into clicking a shortened URL with the strings “#mcdonalds gift card.” McDonald’s is a globally well-known fast food chain that, like many other establishments, do offer certificates and vouchers for patrons who would like to give these as gifts or rewards.

Unfortunately, closer inspection of the shortened link reveals a URL that doesn’t seem to have anything to do with McDonald’s gift certificates.

Instead, the link leads to the following site:

Clicking the “Join Now” button leads to some redirections that finally lands the page to an adult dating site.

We consider the URLs used in this attack as malicious because of the deceitful nature by which they are used. The lure “#mcdonald’s gift card” would have definitely led several users to believe that some gift certificates or vouchers are being given away or discounted.

Read the rest of this entry »

Cybercriminals quickly took advantage of news of Amy Winehouse’s death by staging online attacks. Amy Winehouse—a multi-awarded English singer and songwriter—passed away at age 27 over the weekend.

This is actually a standard behavior of cybercriminals. One attack we’ve seen on Facebook is the usual survey scam that involves an age verification page and a fake video page before getting the victim to take part in a supposed survey.

We noted that the survey involved in this attack is similar to the one described in the blog entry, “Survey Scam Offers Google+ Invites.” Users who are familiar with these types of survey scam attacks on Facebook are in a better position to protect themselves and to warn their contacts if they find malicious posts in their News Feeds.

The details of the Amy Winehouse Facebook survey scam are as follows:

• The user clicks a Wall post that supposedly features an Amy Winehouse video taken before her death.
• The user is then led to the following page:

Read the rest of this entry »