Last updated: July 9, 2012
First published: July 9, 2012
Article written by Brett M. Christensen
Subject: Hello whatsup
basically wanted to let you know due to the fact craig's list diabled their erotic section i released my own profile right here on facebook and i have a good video there also
in the event your wanting for a great escort message me, I am nineteen yr old and also I never do drugs and have no stds
give it a look, tell me what you think [Link removed]
These spam messages, which are currently targeting Facebook users, combine a phishing scam designed to steal Facebook login details with a typical survey scam designed to trick users into submitting their personal information in the hope of receiving free gifts or prize entries.
The messages used in the scam attempt vary considerably. In this version, recipients are promised access to erotic content hosted on a Facebook profile. Those who take the bait and click the link in the spam message are first taken to a seemingly genuine Facebook profile page. However, once this profile page opens, users are immediately redirected to another page designed to look like the genuine Facebook login page. The bogus login page uses a web address that includes the word "facebook" in an attempt to make it appear to be a genuine Facebook web page.
Users who go ahead and enter their Facebook login details will not be taken to the erotic content they were anticipating. Instead, they will be taken to yet another website that promises them expensive prizes such as iPads and laptop computers in exchange for participating in a brief survey. After they have chosen their "prize" and answered the survey questions, participants are then asked to provide their full name, email address, home address and phone number, ostensibly so they can be contacted should they actually win the selected prize. Fine print on the bottom of the form notes that, by entering, users consent to all their information being shared with other parties who will send them further promotional material via email, phone, text message or post. Some of the "surveys" require users to provide a mobile phone number that will subsequently be used to subscribe them to very expensive text messaging services charged at several dollars per text. Victims may thus be faced with large phone bills for unwanted mobile phone services and, because they have provided name and contact details, they may be inundated with unwanted promotional emails, phone calls and junk mail.
But considerably more worrying in this case is that victims have also divulged their Facebook login credentials to the criminals operating the scam. Once they have collected this information, the scammers can then log in to the victim's real Facebook account, lock out the genuine account holder, and use it to perpetrate further Facebook-driven scam and spam attacks.
Phishing scams of this nature take many forms. Internet users should be cautious of any messages that require them to click a link and log in to an online account or provide personal information. It is always safest to log in to your online accounts by entering the address into your web browser rather than by clicking a link in a message.
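The bogus login page described above relies on a web address that merely contains the word "facebook". The following check is an added example, not part of the original article, showing how a mail filter or help desk script can tell a genuine Facebook host from such a lookalike; the function names and the sample addresses are constructed for illustration, and the trusted-domain list is an assumption.

```python
from urllib.parse import urlsplit

# Assumption for this example: only facebook.com and its subdomains are genuine.
TRUSTED_DOMAINS = {"facebook.com"}
BRAND = "facebook"


def classify_link(url: str) -> str:
    """Return 'genuine', 'lookalike' or 'unrelated' for a link found in a message."""
    url = url.strip()
    if "://" not in url:                  # messages often omit the scheme
        url = "http://" + url
    try:
        host = urlsplit(url).hostname     # excludes any "user@" prefix and the port
    except ValueError:                    # malformed address, e.g. broken brackets
        host = None
    mentions_brand = BRAND in url.lower()
    if not host:
        return "lookalike" if mentions_brand else "unrelated"
    host = host.rstrip(".").lower()
    # Genuine only when the host IS a trusted domain or ends with ".<trusted domain>".
    # The leading dot matters: "notfacebook.com" ends with "facebook.com" too.
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "genuine"
    # The brand name appears in the address, but the host is not Facebook's.
    return "lookalike" if mentions_brand else "unrelated"


def triage(urls):
    """Classify every link extracted from a message."""
    return {u: classify_link(u) for u in urls}


# Constructed sample links; none is taken from the scam described in the article.
SAMPLE_LINKS = [
    "https://www.facebook.com/login.php",   # real host
    "http://facebook.com.login.example/",   # brand used as a subdomain label
    "http://facebook.com@login.example/",   # brand placed in the userinfo part
    "http://login.example/facebook/",       # brand only in the path
    "http://notfacebook.com/",              # ends with the name, no dot boundary
    "http://prizes.example/survey",         # no brand at all
]

if __name__ == "__main__":
    for link, verdict in triage(SAMPLE_LINKS).items():
        print(f"{verdict:10} {link}")
```

A "genuine" verdict only confirms that the host belongs to the trusted domain; it says nothing about where that page may redirect afterwards.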