Issue 170 - January, 2014 (2nd Edition) - Page 28
'My Home is Burning' Facebook Phishing and Malware Scam
A private Facebook message purporting to be from a friend of the recipient claims that the sender's house is burning to the ground. The recipient is invited to click a link to see footage of the fire.
The message comes from a hijacked Facebook account. The friend's house is not burning and there is no video. Those who click the link will be taken to a bogus Facebook page designed to steal their Facebook login details. Those who do log in on the fake page will then be redirected to another page that claims that they must download a YouTube Player update before they can view the fire video. However, clicking the "update" link can install malware on the user's computer.
My home is burning to the ground. Check it out here its so bad [Link removed]
Users have reported receiving private Facebook messages claiming that a friend's house is burning to the ground. The message asks users to click a link to check out the fire.
However, there is no fire. The message comes from a hijacked Facebook account belonging to a friend of the recipient. If the recipient falls for the ruse and clicks the link, he or she will be taken to a bogus webpage designed to look like a normal Facebook login page. A message on the page will claim that the user must log in to see the desired content.
If the user enters login details and presses the "login" button, he or she will be redirected to another bogus webpage that claims that a YouTube Player must be installed.
However, downloading the supposed YouTube update will install a trojan on the user's computer. Typically, such trojans can harvest information from the compromised computer and allow criminals to control the computer remotely.
Meanwhile, the scammers can use the information stolen via the fake Facebook login page to hijack genuine Facebook accounts. Once in the compromised accounts, the scammers can lock out the rightful owners and use the accounts to send out more of the same "My home is burning" scam messages. Thus, the cycle continues.
This campaign is similar to earlier phishing and malware attacks, including one 2012 incarnation that was spread via Twitter direct messages.
As always, you need to use caution when following links in messages, even if the message appears to come from one of your friends. If the link leads to a page that asks you to log in to one of your online accounts in order to see the promised content, be especially careful. Make sure that you are on the account's legitimate login page rather than a fake phishing site.
In fact, it is safest to log in to all of your online accounts by entering the address into your browser's address bar rather than clicking a link in a message.
And, any message that claims that you must download a plugin or update to view a promised video or news article should be treated with suspicion.
Last updated: December 29, 2013
First published: December 29, 2013
By Brett M. Christensen