Cybercriminals tend to leverage what’s popular and new. Case in point, the much-anticipated Google Project Glass is being used as a social engineering lure to trick unsuspecting users into scams.

We found that one of the top results for the search term “free Google glasses” is an eye-catching YouTube link with the title [{FREE}] Google Project Glass [[FREE GOOGLE GLASSES]:

Figure 1. Search results for ‘free Google glasses’

The video was copied from the original Google Glass YouTube advertisement. The YouTube video also contains information on how to get the Google Glass for free as seen in the screenshot below:

Figure 2. Youtube video

Read the rest of this entry »

The downside of popularity is that cybercriminals tend to abuse it for their own nefarious ends. Case in point, social networking sites have been often used to proliferate malware. Just recently, we spotted a Facebook clickjacking attack that leverages and abuses Instagram to point users to malicious websites.

Users encounter this threat by being tagged in a photo posted by one of their contacts on Facebook. The post states that users can know who visited their profile on Faceboofk and how often. It also includes a photo posted via Instagram.

We noticed that the photo and the names used in the “Recent Profile Views” (see below) are used repeatedly for other attacks.

Should users decide to click the link, they are lead to a page with instructions on how to generate the verification code. Once done, a pop-up window appears, which is actually the Instagram for Facebook app asking users to click “Go to App” button. Once done, it redirects users to a page that looks like the Facebook Home page.

Read the rest of this entry »