Debunking email hoaxes and exposing Internet scams since 2003!











Issue 170 - January, 2014 (2nd Edition) - Page 28

'My Home is Burning' Facebook Phishing and Malware Scam


Outline
Private Facebook message purporting to be from a friend of the recipient claims that the sender's house is burning to the ground. The recipient is invited to click a link to see footage of the fire.




Brief Analysis
The message comes from a hijacked Facebook account. The friend's house is not burning and there is no video. Those who click the link will be taken to a bogus Facebook page designed to steal their Facebook login details. Those who do log in on the fake page will then be redirected to another page that claims that they must download a YouTube Player update before they can view the fire video. However, clicking the "update" link can install malware on the user's computer.


Example
My home is burning to the ground. Check it out here its so bad [Link removed]


Detailed Analysis


Users have reported receiving private Facebook messages claiming that a friend's house is burning to the ground. The message asks users to click a link to check out the fire.

However, there is no fire. The message comes from a hijacked Facebook account belonging to a friend of the recipient. If the recipient falls for the ruse and clicks the link, he or she will be taken to a bogus webpage designed to look like a normal Facebook login page. A message on the page will claim that the user must log in to see the desired content.

If the user enters login details and presses the "login" button, he or she will be redirected to another bogus webpage that claims that a YouTube Player must be installed.

However, downloading the supposed YouTube update will install a trojan on the user's computer. Typically, such trojans can harvest information from the compromised computer and allow criminals to control the computer remotely.

Meanwhile, the scammers can use the information stolen via the fake Facebook login page to hijack genuine Facebook accounts. Once in the compromised accounts, the scammers can lock out the rightful owners and use the accounts to send out more of the same "My home is burning" scam messages. Thus, the cycle continues.

This campaign is similar to earlier phishing and malware attacks including one 2012 incarnation that was spread via Twitter direct messages.

As always, you need to use caution when following links in messages, even if the message appears to come from one of your friends. If the link leads to a page that asks you to log in to one of your online accounts in order to see the promised content, be sure to use caution and common sense. Make sure that you are on the account's legitimate login page rather than a fake phishing site.

In fact, it is safest to log in to all of your online accounts by entering the address into your browser's address bar rather than clicking a link in a message.

And, any message that claims that you must download a plugin or update to view a promised video or news article should be treated with suspicion.
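The check described above, that a link really leads to the account's legitimate login page, can be done on the link's host name rather than on how the page looks. The following is an added example, not code from Hoax-Slayer; the `TRUSTED_DOMAINS` list, the function name and the `.example` sample links are assumptions constructed for illustration.

```javascript
// Added example. TRUSTED_DOMAINS is an assumption; list the sites you log in to.
const TRUSTED_DOMAINS = ["facebook.com"];

// Returns { trusted, reason } for a link found in a message.
function classifyLoginLink(raw) {
  let url;
  try {
    url = new URL(raw); // same WHATWG parsing rules a browser applies
  } catch {
    return { trusted: false, reason: "not an absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not HTTPS" };
  }
  // Anything before "@" is userinfo, not the site: the real host comes after it.
  if (url.username || url.password) {
    return { trusted: false, reason: "userinfo in URL" };
  }
  const host = url.hostname.replace(/\.$/, ""); // ignore a trailing root dot
  // Non-ASCII lookalike letters are serialized as punycode ("xn--") labels.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { trusted: false, reason: "punycode label" };
  }
  // Match the domain from the right; a name that merely starts with
  // "facebook.com" belongs to whoever owns the rightmost labels.
  const match = TRUSTED_DOMAINS.find((d) => host === d || host.endsWith("." + d));
  return match
    ? { trusted: true, reason: "host belongs to " + match }
    : { trusted: false, reason: "untrusted host " + host };
}

// Constructed sample links; the .example hosts are placeholders.
const samples = [
  "https://www.facebook.com/login.php",
  "http://www.facebook.com/login.php",
  "https://facebook.com.video-fire.example/login.php",
  "https://www.facebook.com@video-fire.example/login",
  "https://notfacebook.com/login.php",
];
for (const link of samples) {
  const { trusted, reason } = classifyLoginLink(link);
  console.log((trusted ? "OK    " : "REJECT") + " " + link + " (" + reason + ")");
}
```

A passing result only says the host is the real site; it says nothing about any download the page later offers.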



Last updated: December 29, 2013
First published: December 29, 2013
By Brett M. Christensen

References
Twitter DMs from your friends can lead to Facebook video malware attack


