• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Bad Sites   »   Social Networking Threats to Think About As 2012 Ends

Social Networking Threats to Think About As 2012 Ends

  • Posted on:January 2, 2013 at 10:11 am
  • Posted in:Bad Sites, Social
  • Author:
    Arabelle Mae Ebora (Fraud Analyst)
0

Possibly the most common sham seen on social networking sites, survey scams have certainly figured prominently in this year’s Web threat story. Phishing scams aimed at sites like Facebook are also prevalent this year. Before we bid 2012 goodbye, we give you a rundown of some Facebook-themed scams and threats we saw during the last week of December.

Choose Your Facebook Theme Scam

Possibly an incarnate of last February’s fake Facebook Valentine’s theme, we saw two scams that peddle new color themes for Facebook. The first scam promises a red or black Facebook theme. This scam was even found spreading on Tumblr.

The second scam, on the other hand, offers more colors for users. Despite offering choices to users, the infection chain is essentially just the same. Once users clicked the URL, it leads to a series of redirections then finally to a phishing page.

These survey scams start out as posts from user’s Facebook contact. These posts are usually anchored on social engineering lures e.g. scandalous video, free iPad3 etc. to whet user’s curiosity. Once they click the link provided in these posts, they are asked to follow certain instructions leading to several page redirections. Finally, users are asked to fill out a survey form, usually asking for personally identifiable information (PII) like mobile numbers, email addresses etc.

Certain Direct Messages on Twitter Lead to Phishing Page

Twitter users are no stranger to such threats. Up to this day, they still encounter fake accounts that reply to tweets with a shortened link. In addition, we’re still seeing malicious messages sent to user’s direct message (DM) inboxes.

A recent example is a direct message we saw on Twitter that grabs users’ attention by implying that the link leads to a site that has a provocative picture of the user.

Instead, the link leads to a fake Facebook page designed to steal the users’ Facebook credentials.

So why are we still seeing these threats spreading on social networking sites like Facebook and Twitter? Like most things cybercrime-related, certain groups are earning money from this ruse. How exactly? For survey scams, the pages where users are redirected to are typically ad-tracking sites that track the number of site visits. These visits then, translate to profit for cybercriminals. The information taken from the survey and phishing pages are also sold to other cybercriminal gangs or used in other money-making schemes.

If 2012 has taught us anything, it’s to be more security conscious with our digital life. Ruses like survey scams and phishing pages are not going to fade away from the threat picture anytime soon. As such, users must follow well-known best practices for social media like avoiding clicking links without verifying its legitimacy – even if it came from a trusted Facebook, Twitter etc. contacts. These social networking sites also offer security features wherein users can report scams and other threats found on these sites.

To know more about how to make the coming new year safer and secure for your computer and mobile devices, you may read our Digital Life e-Guide A Guide to 2013 New Year’s Resolution.

Trend Micro Smart Protection Network protects users from this threat by blocking related malicious sites.

With additional analysis from Threat response engineers Joan Gan and Diana Lopera 

Learn how to protect Enterprises, Small Businesses, and Home Users from ransomware:
ENTERPRISE »
SMALL BUSINESS»
HOME»

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Recent Posts

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits
  • August Patch Tuesday Fixes Critical IE, Important Windows Vulnerabilities Exploited in the Wild
  • Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.