Scammers have snatched up the opportunity to victimize people by leveraging the interest and anticipation over the upcoming release of iPad 3. Just days before its supposed launch, we have noted several posts on Facebook that claim to give away free iPad 3s to some “lucky” users.
Unlike previous Facebook threats we’ve blogged recently, this one does not involve clickjacking. Some users may have intentionally post this link on their social media accounts like Facebook to increases their points as a referrer and increase their chances of “winning” these items. Once users visit the site and click the image it will load the following page:
The page requires users to enter their email address to join the contest. To convince users to disclose this information, the page also indicates that there are only 2 spots left. Once their email address is provided, users are then redirected to these pages:
These pages explain the mechanics of the contest to make this ruse appear more credible. One of the mechanics requires users to promote or refer the link. They may do so by doing the following:
- Posting the exact link to social networking sites, such as Facebook, Twitter, instant messaging (IM) applications, etc.
- Copying the link to users’ own websites or pages.
In doing either of these instructions, users unwittingly spread the phishing page, in turn becoming spammers themselves.
We have also spotted spammed messages which also tells of a iPad 3 giveaway. Users need to click the link contained in these messages to join this “contest”. Once done, they are lead instead to a survey scam page that asks for users’ mobile numbers and network providers.
This is not the first time that iPad’s name has been used to spread cybercriminal activities. Last year, we have noted a scam spreading on Facebook that is supposed to be giving away 1,000 iPads in observance with the death of Apple’s co-founder Steve Jobs. As the anticipation over iPad 3 grows, users must remain careful before giving in to these type of scams.
To avoid this particular phishing attack, please ignore similar posts. It’d also help to inform your contacts that this contest, tempting as it may sound, is actually just another attempt by cybercriminals to steal personal information. To stay safe from this type of scams spreading on social networking sites, please check out our e-guides below: