Debunking email hoaxes and exposing Internet scams since 2003!











Facebook Phishing And Survey Scam

Outline
Spam messages attempt to entice recipients into following a link to visit a Facebook profile by promising access to erotic content.



Brief Analysis
Links in the messages open a bogus Facebook profile page that quickly redirects to a fake Facebook login page. Users who log in on the fake page are then taken to a typical survey scam site that promises them free items or prize entries in exchange for participating in various surveys or offers. Login details submitted on the fake page can be collected by scammers and used to hijack the user's real Facebook page. Users will never receive the promised gift or prize entry no matter how many surveys or offers they complete.

Detailed analysis and references below example.





Last updated: July 9, 2012
First published: July 9, 2012
Article written by Brett M. Christensen


Example

Subject: Hello whatsup

basically wanted to let you know due to the fact craig's list diabled their erotic section i released my own profile right here on facebook and i have a good video there also

in the event your wanting for a great escort message me, I am nineteen yr old and also I never do drugs and have no stds

give it a look, tell me what you think [Link removed]




Detailed Analysis
These spam messages, which are currently targeting Facebook users, combine a phishing scam designed to steal Facebook login details with a typical survey scam designed to trick users into submitting their personal information in the hope of receiving free gifts or prize entries.

The messages used in the scam attempt vary considerably. In this version, recipients are promised access to erotic content hosted on a Facebook profile. Those who take the bait and click the link in the spam message are first taken to a seemingly genuine Facebook profile page. However, once this profile page opens, users are immediately redirected to another page designed to look like the genuine Facebook login page. The bogus login page uses a web address that includes the word "facebook" in an attempt to make it appear to be a genuine Facebook web page.

Users who go ahead and enter their Facebook login details will not be taken to the erotic content they were anticipating. Instead, they will be taken to yet another website that promises them expensive prizes such as iPads and laptop computers in exchange for participating in a brief survey. After they have chosen their "prize" and answered the survey questions, participants are then asked to provide their full name, email address, home address and phone number, ostensibly so they can be contacted should they actually win the selected prize. Fine print on the bottom of the form notes that, by entering, users consent to all their information being shared with other parties who will send them further promotional material via email, phone, text message or post. Some of the "surveys" require users to provide a mobile phone number that will subsequently be used to subscribe them to very expensive text messaging services charged at several dollars per text. Victims may thus be faced with large phone bills for unwanted mobile phone services and, because they have provided name and contact details, they may be inundated with unwanted promotional emails, phone calls and junk mail.

Considerably more worrying in this case, however, is that victims have also divulged their Facebook login credentials to the criminals operating the scam. Once they have collected this information, the scammers can log in to the victim's real Facebook account, lock out the genuine account holder, and use the account to perpetrate further Facebook-driven scam and spam attacks.

Phishing scams of this nature take many forms. Internet users should be cautious of any messages that require them to click a link and log in to an online account or provide personal information. It is always safest to log in to your online accounts by entering the address into your web browser rather than by clicking a link in a message.
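
The bogus login page described above relies on a web address that merely contains the word "facebook". The following Python check is an added example, not part of the original article: it classifies a link by the host that would actually be contacted. The sample links are constructed and use reserved .example names, and treating facebook.com as the only genuine domain is an assumption of the example.

```python
from urllib.parse import urlsplit

GENUINE_DOMAIN = "facebook.com"   # assumption: the only domain trusted here
BRAND = "facebook"


def classify_login_url(url: str) -> str:
    """Classify a link as 'genuine', 'lookalike', 'unrelated' or 'invalid'."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:            # e.g. a malformed IPv6 literal
        return "invalid"
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return "invalid"
    # .hostname is lowercased and excludes any "user@" prefix and port, so
    # the decision is made on the host the browser would really contact.
    host = parts.hostname.rstrip(".")
    # The leading dot matters: a host must BE the domain or a subdomain of
    # it, not just end with the same characters.
    if host == GENUINE_DOMAIN or host.endswith("." + GENUINE_DOMAIN):
        return "genuine"
    # The brand name appearing anywhere else (another domain's label, the
    # userinfo part, the path or the query) is the trick the article describes.
    if BRAND in url.lower():
        return "lookalike"
    return "unrelated"


# Constructed sample links (reserved .example names, not real sites).
SAMPLES = [
    "https://www.facebook.com/login.php",
    "http://facebook.com.login-check.example/login.php",
    "http://facebook-profile.example/",
    "https://www.facebook.com@login.example/",
    "http://login.example/facebook/index.html",
    "https://news.example/article",
]


def triage(urls):
    """Map each link to its classification."""
    return {u: classify_login_url(u) for u in urls}


if __name__ == "__main__":
    for link, verdict in triage(SAMPLES).items():
        print(f"{verdict:10} {link}")
```

A "genuine" result only confirms the host name; it says nothing about whether the page content or the message that carried the link is trustworthy.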


References
Phishing Scams - Anti-Phishing Information
What is a Facebook Survey Scam? - Survey Scams Explained


