Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    It looks like the Facebook picture scam I blogged about last November is having a rerun, with a new modus operandi and some new content.

    Here is how it starts: a Facebook friend posts an image to your Facebook profile:

    So of course you type in the URL and head on over to stealing pics. Now, you have to agree to the Terms and Conditions before you log in, so if you work for Facebook, MySpace, or Google, please read no further.

    OK, I’m in. I can’t believe people have been posting pictures of me online again, I’m going to have to ban cameras when I rule the world. For now I just have to find the photos and take them down.

    Hmm, this looks familiar. I click.

    Eh? Where are the pics. Oh, I get it. Just some fun before I get to the real site. I hope there’s nothing sneaky hidden under that scroll bar…

    Oh, I see, an auto-renewing subscription service costing just $9.99/month. Well, I suppose some people might be happy with that. I’ll play along. I select random answers to each of the questions, and finally:

    That’s the money shot, right there. I enter a random phone number, but the site detects that I am not visiting from the US, and helpfully serves me up a new offer, this time based in the UK.

    Just what I always wanted, a “e-credit card” (what’s that?) with some very interesting T&Cs of its own. Membership fee of £79.95 plus £4.95 per month for “maintenance.” Oh, and a £9.95 inactivity fee, where can I use this wonderful e-credit card? Ah, I see, only at the e-Credit Plus Shopping Club website.

    Hmm. I think I’ll forego that offer:

    No, really, it’s OK. Thanks! I click cancel.

    Ah, now we’re back on familiar territory, I’ll give my details, and click:

    No, honestly, I DON’T WANT YOUR ECARD!

    Enough! I begin clicking the counterintuitive “OK” button.

    Back once again to the familiar old bulletin pics scam from my previous blog post. I give them my password along with my name and email address, they show me a picture of a monkey, and finally they let me know exactly how I can go and email this to all my friends, just in case the traditional, delivery through compromised accounts doesn’t work for them.

    It’s enough to make you Twitter, I tell ya!

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice