The scam waves on Facebook continue, as expected. For example, the recent “brother raped his sister” theme has been changed a bit and sent out for a new run on the social network.
It’s the same content that has been used with similar themes over the last few weeks, only now the scammers have added a level of randomization to it. Not only does the text of the message vary a bit each time, but they also add random sub-domains. They use words like www, wtf, video, show, play, movie, killer, insane, crazy, or brother in combination with other random parts. A link could, for example, look like this: http://video.ng4o.%5BREMOVED%5D.info/watch?v=s4vo4o
For this particular scam we have already seen more than 70 different domains in use. Given the randomization, it’s no surprise that none of the tested links were blocked by Facebook’s redirector, with more than 200,000 people already clicking the links.
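Because the sub-domains are random, a defender has to match these links by their structure rather than by exact hostname. The following is an added example, not code from the original post: the sample URLs use constructed placeholder domains under .example, and the token length limits and the two-label domain split are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Words the article lists as sub-domain building blocks.
LURE_WORDS = {"www", "wtf", "video", "show", "play", "movie",
              "killer", "insane", "crazy", "brother"}
# Assumption: random parts are short lowercase alphanumeric tokens,
# like "ng4o" and "s4vo4o" in the article's sample link.
RANDOM_TOKEN = re.compile(r"[a-z0-9]{3,8}")


def split_host(url):
    """Return (sub-domain labels, registered domain) for a URL."""
    labels = (urlsplit(url).hostname or "").lower().split(".")
    # Assumption: registered domain = last two labels. Production code
    # should consult the Public Suffix List instead.
    return labels[:-2], ".".join(labels[-2:])


def matches_lure_pattern(url):
    """True if the URL has the lure-word + random-label + /watch?v= shape."""
    parts = urlsplit(url)
    subs, _ = split_host(url)
    has_lure = any(s in LURE_WORDS for s in subs)
    has_random = any(s not in LURE_WORDS and RANDOM_TOKEN.fullmatch(s) for s in subs)
    video_id = parse_qs(parts.query).get("v", [""])[0]
    return bool(has_lure and has_random and parts.path == "/watch"
                and RANDOM_TOKEN.fullmatch(video_id))


def cluster_by_domain(urls):
    """Group matching hostnames under the domain they share."""
    clusters = defaultdict(set)
    for url in urls:
        if matches_lure_pattern(url):
            subs, domain = split_host(url)
            clusters[domain].add(".".join(subs + [domain]))
    return {d: sorted(h) for d, h in clusters.items()}


# Constructed sample links; the .example domains are placeholders.
SAMPLE_URLS = [
    "http://video.ng4o.lure-a.example/watch?v=s4vo4o",
    "http://wtf.k2p9.lure-a.example/watch?v=a81kz",
    "http://x7rq.crazy.lure-b.example/watch?v=qq3m1",
    "https://www.youtube.com/watch?v=abc123xyz",   # no random label
    "http://news.lure-a.example/article?id=5",     # no lure word or /watch
]

if __name__ == "__main__":
    for domain, hosts in cluster_by_domain(SAMPLE_URLS).items():
        print(domain, hosts)
```

Clustering the flagged hostnames by their shared domain yields a blocking key that still applies when the next random sub-domain appears.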
To make it even more appealing, the script takes the current user’s location and adds the country name to the message, giving it a local reference.
After the user clicks on the link, he or she is redirected to a remote site. In order to view the video, the user has to click “Jaa” twice to confirm his or her age. More interesting is the fact that they state in bold letters that there are NO SURVEYS involved and that the video will start playing instantly. Readers of our blog know that the “Jaa” button is just the regular share button from Facebook with the language setting set to Finnish. Therefore, when clicked, the pop-up window will share this story with all your friends on Facebook.
After sharing the link, the user is forwarded to another site. Not surprisingly, the scammers were lying and no video instantly plays. On the other hand, they were technically not lying about the surveys. While it may appear as though there is a survey to be filled out, it’s actually a ring tone subscription service for 8 Euro per week.
Still, the question from the scammer is valid: Are you smarter than your friends? We hope it’s at least true for the ones that would have clicked this already. Therefore, don’t give out your mobile phone number and don’t click on the “Jaa” share button. If you fell victim to this scam, then go to your profile wall and remove the post.
Symantec would like to encourage Facebook users to report any scams that they encounter to Facebook. The Facebook security team is currently working on this particular scam and they are blocking and removing the threat as new versions appear.
by Candid Wueest – Symantec