English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Facebook scams becoming increasingly multilingual

Christian
Kaspersky Lab Expert
Posted March 31, 12:01  GMT
Tags: Social Networks, Social Engineering, Spammer techniques
0.2
 

When I was checking Facebook this morning, I spotted some friends posting the same message all over their friends' walls. Well, another likejacking scam I assumed. So I did what I usually do when this happens, I wrote them a quick note telling them to clean up their Facebook apps and delete the wall posts. Nothing spectacular so far, as this happens on quite a regular basis. But wait...

Something's different this time: the whole scam is delivered in German! A really rare occurrence, but something which I expect to happen more often in future. “Why?” I hear you ask. Well, here's my theory:

About 70% of all Facebook users are based outside the US which means more than 350 million people, according to official Facebook statistics. These users don't speak English as their native language for the most part. For cybercriminals, this means that they miss the larger part of their target audience. Since most people in the world understand English, previous scams of this type worked out quite well, but they were also easy to spot outside the US and the UK, because it’s quite odd when people start writing messages in English when they usually don't. At the same time, likejacking scams have become better known among users of social networks. For these reasons the people behind the scams are doing what they started doing with spam years ago: they are localizing the content in different languages to broaden the target audience. While the messages in those days were heavily flawed in terms of language and design, the process with today’s social networks has been perfected much faster, as this example proves:

The scam is about a rollercoaster accident in one of Germany's largest fairs and offers a video of it. The additional comment by the victim says:

“Hey have you seen that? Unbelievable. Couldn't even watch it till the end. Will NEVER ever ride rollercoasters again.”

The link leads to the Facebook app's site. The section on the right, which advertises itself with more than 420,000 Facebook fans, has been faked. It's part of the image.


After clicking the link, you will be asked by a Facebook app to grant access to your profile data and allow it to post to your wall.


After allowing the app access to your account, you will be redirected to this webpage which promises to let you watch the video and also gives a warning about the disturbing content.


Before that, however, you have to take part in a survey. The webpage sells this as an anti-spam function. This website will monitor your progress in the survey, which opens up in a new window. The people behind these scams put a lot of effort into creating statistics to find out how well their scam worked – which is also the case here: they run various scripts to collect information on how many people visited the page, which survey they took and where the user comes from by using GeoIP services.

The surveys are about love and relationships and they promise to send your personalized result by SMS. By giving your mobile phone number, you're subscribing to the service for €2.99 every 5 days, until you quit the subscription.

After completing the survey, you'll finally get to see the video – which by now has already been removed because it violated the terms of use of the site where it was hosted.

If you see such a scam spreading among your Facebook friends, please notify them and tell them to remove the app as well as wall posts. Provide a link to this blog post to educate them about this type of scam. Scams such as these only work when people react to them.

This case has been reported to Facebook.


Comments

If you would like to comment on this article you must first
login


Bookmark and Share
Share

Analysis

Blog