For some time now we’ve been reporting threats targeting Facebook users, most of which result in users unknowingly spreading spammy links to their networks. We’ve seen different social engineering techniques used, such as stalker tracker tools, news involving celebrities, and even footage of the recent Japan tragedy.
These threats usually involve links accompanied by inviting text posted on affected users’ walls. Other users who get tricked into clicking the links unknowingly execute a script, which leads to their posting the very same spammy content.
Recently, however, we saw a different version of this scheme, which leverages a commonly used feature in Facebook—Events.
Instead of posting the spam links on users’ walls, where they can easily get lost in the news feed, cybercriminals now use the Events feature to really grab their targets’ attention.
In this scheme, spammers create an event that will be enticing to many users. For example, we saw one event in a post that said “How to Find Out Who’s Viewing Your Profile.”
In the post’s More Info field, the spammer puts instructions that invited users must follow to be able to “view” or to “enjoy the service” the post promises—in this case, the ability to find out who viewed their profiles. Most of the instructions are ways to promote the event, with the last step being to click a certain shortened link.
Needless to say, users tricked into following the given instructions end up promoting the spam event and making money for the spammer. Visiting the page the shortened link points to also executes a script that publishes the same link on the affected users’ walls.
This scheme seems to work fairly well for spammers, as we’ve seen spam events for which tens of thousands of users registered as attendees. We also observed that similar spam event posts are frequently updated by their posters, who usually modify only the provided links to avoid being blocked.
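The link rotation described above defeats blocking that keys on the URL alone, so a detector can key on the unchanged wording instead. The following is an added example, not code from the original post or from any product it mentions: the function names, the shortener list, and the sample event revisions are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
# Illustrative shortener hosts; short.example is a constructed host for the sample data.
SHORTENERS = {"bit.ly", "goo.gl", "tinyurl.com", "short.example"}

def fingerprint(text):
    """Normalize a description so that edits to the link alone do not change it."""
    no_urls = URL_RE.sub("<url>", text.lower())
    return " ".join(re.findall(r"[a-z0-9<>]+", no_urls))

def shortened_links(text):
    """Return the links in the text whose host is a known URL shortener."""
    links = [u.rstrip(".,)!") for u in URL_RE.findall(text)]
    return [u for u in links if urlparse(u).hostname in SHORTENERS]

def find_rotating_link_spam(revisions, min_links=2):
    """Group (event_id, description) revisions by fingerprint and return the
    groups whose wording is constant while the shortened link keeps changing."""
    groups = defaultdict(lambda: {"events": set(), "links": set()})
    for event_id, description in revisions:
        links = shortened_links(description)
        if not links:
            continue  # no shortened link, nothing to track
        group = groups[fingerprint(description)]
        group["events"].add(event_id)
        group["links"].update(links)
    return {fp: g for fp, g in groups.items() if len(g["links"]) >= min_links}

# Constructed sample data: successive snapshots of event "More Info" text.
SAMPLE_REVISIONS = [
    ("event-1", "Step 1: Click Attending. Step 2: Invite all friends. Step 3: Go to http://short.example/aaa1"),
    ("event-1", "Step 1: Click Attending. Step 2: Invite all friends. Step 3: Go to http://short.example/bbb2"),
    ("event-2", "Step 1: click attending. Step 2: invite all friends. Step 3: go to http://short.example/ccc3."),
    ("event-3", "Team picnic on Saturday, map at http://maps.example/park"),
    ("event-4", "Book club meets Friday. Reading list: http://short.example/list"),
]

if __name__ == "__main__":
    for fp, group in find_rotating_link_spam(SAMPLE_REVISIONS).items():
        print(sorted(group["events"]), sorted(group["links"]))
```

Once a fingerprint is flagged, any new link that appears under it can be queued for review before it has built a reputation of its own.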
As such, users are warned to ignore invitations of a similar nature. We are continuously monitoring for similar spam and blocking related URLs with the help of our Web Reputation Technology.