News of Whitney Houston’s sudden demise spread like wildfire on the Internet. Countless tweets, Facebook wall posts, and news items circulated regarding the singer’s death at age 48. Given the massive attention around Houston’s death, cybercriminals were quick to take advantage of this unfortunate incident.
We uncovered two web threats shortly after the news broke. One was a clickjacking attack found on Facebook, while the other was a link circulating on Twitter.
RIP “Whitney Houston” leads to Clickjacking
My colleague Karla Agregado found a fake video spreading on Facebook. Wall posts with the subject “I Cried watching this video. RIP Whitney Houston” come with a link to the supposed video. Clicking it leads users to a Facebook page that contains a link to the video. However, clicking this link only leads to several redirections until users are led to the usual survey scam site.
Upon further investigation of the domains involved in the redirections, we also found 101 more survey scams registered on the same IP where the domains are hosted.
RIP Whitney Tweets May Lead To Web Threat
We also found Tweets with malicious links that took advantage of the tag RIP Whitney Houston, which was trending worldwide on Twitter.
These Tweets contain a link to a particular blog dedicated to the late singer. Users who view the page are automatically redirected to another website. The succeeding page is a site that supposedly features several Whitney Houston wallpapers. Once users decide to download a wallpaper from that site, a pop-up window appears and asks them to download some Whitney Houston ringtones.
Whether users leave the page or stay on it, they are redirected to a survey site that asks for mobile numbers.
Using newsworthy events, like the death of a celebrity (including death hoaxes), is a common lure for cybercriminals. There were other attacks in the past that made use of a similar scheme.
- Facebook Scam Leverages Lady Gaga’s “Death,” Bypasses HTTPS
- Amy Winehouse’s Death Used in Online Attacks
For more information on survey scams, please check Karla’s past post, Survey Scams as Cross-Platform Threats.
Users must always be cautious when clicking news items on their Facebook or Twitter feeds. To keep updated on the news from legitimate sources, it’s best to bookmark reliable news sites to avoid falling for cybercriminals’ traps. For more helpful tips on how to better protect yourself from these threats, you may read our comprehensive e-book guide, “A Guide to Threats on Social Media”.
Trend Micro protects users from this attack via Trend Micro™ Smart Protection Network™ that blocks all related malicious URLs.