Simply the Best
The history of Facebook scams reveals a trial and error cycle behind each new mechanism devised to test users’ gullibility. Once upon a (not so very distant) time, scams would use Facebook apps to advertise themselves on the victim’s Wall. The “install this wonderful app” technique is now obsolete as fake browser add-ons/extensions or various updates grab the baton in the scam relay race. As expected, users developed a “nose” for these tricks, so scammers had to find another way to hit the bull’s eye. That’s where Facebook Events with a hidden agenda stepped in: getting people to attend and click the malicious links planted on the Event page. As Facebook comes up with security measures to deal with these fake Events, newer types of scam are being developed and will take the stage.
But what’s a rule without an exception? It was Leo (da Vinci, not di Caprio) who said “simplicity is the ultimate sophistication” and scammers couldn’t agree more. Just as the great Leo literally squared the circle with his Vitruvian man, some scammers are going about their business on the CAPTCHA square.
But let’s not get ahead of ourselves here.
First step: the bait.
Nothing special about it: it’s just something that can be used all year long and should draw attention immediately.
One click, and there goes the CAPTCHA trap. Let’s try to dismantle it:
1. Check out the highlighted URL at the top of the screenshot. ‘fb_comment’ is quite a strange element to be found in the URL argument. What has that to do with a CAPTCHA?
2. CAPTCHAs are usually made up of 2 words that the user must recognize. While one is pretty clear, the other should be more difficult (though not impossible) to decipher, to avoid automated recognition. In the example above, both words are crystal clear. They are designed to be easily recognized so no user is stuck at this step.
3. A closer look at the ‘SUBMIT’ button will reveal that the word ‘Comment’ appears somewhere in the background.
As things have been made very easy for all potential victims, chances are that plenty of people will enter the ‘ha haha’ words in the text box and click ‘SUBMIT’ only to end up in a classic survey maze.
While the survey loads, a new post (advertising the scam) will also make its way to the user’s Facebook Wall/Profile as the fake CAPTCHA is, in fact, a Facebook comment dialogue in disguise. Isn’t that neat?
Less hassle for the creators of the scam sometimes translates into more users fooled!
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.