Scammers are using SMS Text Messaging and Email to facilitate malicious attacks online with social media
The scam begins in Facebook, with a “This is what happens when ex GF forgets to turn her webcam off” status update (image 1). Thousands of these posts exist. The video clips they promote, aside from the ex-girlfriend revenge angle, are typically tied to breaking news, world catastrophes, celebrity deaths or a plethora of other topics. This approach of toying with people’s curiosities is common of spammers.
Image 1: Pornographic status update tied to spam campaign
After clicking the link, an age-verification dialogue box appears with two options: “1. Click, Yes I am 13+” or “2. Click JAA button to start playing the video.” The dialogue box is branded as Facebook, using their icon and color scheme, and is presented in a foreign language intended to trick users into clicking the second option to view the video (image 2).
Image 2: Second option to view the video
Opting for the second option launches another “Security Check” box, which asks users to complete one of three offers in order for the video to load.
Image 3: Spam offers posing as verification method
The offers (image 3), once clicked, redirect users to a new website consisting of a 5-point test. During testing, the “Security Check” dialogue box changes to read “Check for completion now.” At the end of the test, the website tied to the offer prompts users for an email address and a cell phone number, to which a pin code will be sent that will be required to view the test results and the video. Users that surrender their email and mobile numbers are ultimately allowed to view the test results, but not the video.
To complicate matters further, the ability to exit or close the pop-up window is removed. A padlock icon appears in place of where the “X” close icon would normally be. Every attempt to close the pop-up hurls a storm of other offers towards the user.
Image 4: Message received after attempting to close the pop-up window
In the last leg of this hybrid spam campaign, the user receives a text message with a malicious file attachment. Opening the file executes code that turns the user into a distributor of the pornographic scam. The video link is posted to the user’s wall plus those of his/her Facebook friends whose privacy settings allow for unmoderated wall postings.
Image 5: Actual SMS text message spam with malicious file attachment
Aside from earning the fraudster(s) commissions for tests taken, users become susceptible to an additional flood of e-mail and text messaging spam. Blocking e-mail spam has improved with most leading email providers, such as Gmail, Hotmail, Yahoo! Mail and others. Blocking text messages, however, relies mostly on the wireless service provider’s spam filters. Replying “STOP” may work in ceasing legitimate marketing text messages, but rarely for spam. If text messages do get through, this implies that the spam filters have failed at doing their job, and such instances should be reported to the service provider immediately.