May 5, 2012 at 15:47New scam threatens Facebook users
Dear Habravites, we inform those of you who are registered on Facebook about the appearance of a new (and for Russians - the old) fraud scheme. Of course, you are smart, smart, but many foreign users can get caught. Attackers adopted a model that was notorious for members of the Russian social networks Vkontakte and Odnoklassniki, and created a special Profile Visitor application for Facebook, which asks the user for access to his wall, promising to show a list of those who visited his page. In fact, a picture is posted on the user's wall with a link to a fraudulent website. In turn, the victim's friends on Facebook receive notifications that they were allegedly marked in this picture, which expands the distribution area of the malicious link.
Having looked at his page on the Facebook social network, a user can find in the news feed a link to the Profile Visitor program, supposedly capable of capturing and displaying visitors to his profile on a special page. The link, as a rule, is published on behalf of one of the user's friends and leads to the page of the built-in Facebook application, for which activation it is required to allow the program to publish content on behalf of the user account. As soon as an unsuspecting victim clicks on the “Allow” button, a link to this application will appear on her profile wall and in the news feed of all her friends, posted on her behalf. However, even if the user does not allow Profile Visitor any publications on his behalf, everyone who is registered in his friends list will be automatically marked on the “photo”, which is an advertising banner link for the Profile Visitor application. Notification of this will be automatically sent to your Facebook contact list.
After that, the victim’s browser will automatically open the web page created by the attackers containing a dynamically changing array of links. By clicking on any of them, the user will be redirected to various fraudulent sites, the content of which depends on the IP address of the page visitor. So, some of them require access to information of a bank card to access the information, others suggest the user to enter their own mobile phone number in a special form and enter the code received in the response SMS in the corresponding field. This method is practiced mainly with respect to Russian-speaking visitors: in this way, fraudsters sign a victim for some kind of paid “information service”, for which a certain amount will be deducted from her account every month.
Among the fraudulent resources demonstrated by clicking on links, pseudo-lots with various prizes, online casinos, psychological tests, services for selecting individual diets, etc. were noticed. All these sites are automatically blocked by the Dr.Web SpIDer Gate filter built into Dr.Web products .
Previously, such fraudulent schemes were repeatedly used against users of the Russian social networks Vkontakte and Odnoklassniki, but now network crooks, apparently, decided to pay attention to residents of foreign countries. Doctor Web strongly recommends that Facebook users do not install Profile Visitor and do not click on links with this application published in its news feed, as well as exercise caution and discretion.
Having looked at his page on the Facebook social network, a user can find in the news feed a link to the Profile Visitor program, supposedly capable of capturing and displaying visitors to his profile on a special page. The link, as a rule, is published on behalf of one of the user's friends and leads to the page of the built-in Facebook application, for which activation it is required to allow the program to publish content on behalf of the user account. As soon as an unsuspecting victim clicks on the “Allow” button, a link to this application will appear on her profile wall and in the news feed of all her friends, posted on her behalf. However, even if the user does not allow Profile Visitor any publications on his behalf, everyone who is registered in his friends list will be automatically marked on the “photo”, which is an advertising banner link for the Profile Visitor application. Notification of this will be automatically sent to your Facebook contact list.
After that, the victim’s browser will automatically open the web page created by the attackers containing a dynamically changing array of links. By clicking on any of them, the user will be redirected to various fraudulent sites, the content of which depends on the IP address of the page visitor. So, some of them require access to information of a bank card to access the information, others suggest the user to enter their own mobile phone number in a special form and enter the code received in the response SMS in the corresponding field. This method is practiced mainly with respect to Russian-speaking visitors: in this way, fraudsters sign a victim for some kind of paid “information service”, for which a certain amount will be deducted from her account every month.
Among the fraudulent resources demonstrated by clicking on links, pseudo-lots with various prizes, online casinos, psychological tests, services for selecting individual diets, etc. were noticed. All these sites are automatically blocked by the Dr.Web SpIDer Gate filter built into Dr.Web products .
Previously, such fraudulent schemes were repeatedly used against users of the Russian social networks Vkontakte and Odnoklassniki, but now network crooks, apparently, decided to pay attention to residents of foreign countries. Doctor Web strongly recommends that Facebook users do not install Profile Visitor and do not click on links with this application published in its news feed, as well as exercise caution and discretion.