
Simply the Best

Tudor FLORESCU

March 09, 2012


The history of Facebook scams reveals a trial and error cycle behind each new mechanism devised to test users’ gullibility. Once upon a (not so very distant) time, scams would use Facebook apps to advertise themselves on the victim’s Wall. The “install this wonderful app” technique is now obsolete as fake browser add-ons/extensions or various updates grab the baton in the scam relay race. As expected, users developed a “nose” for these tricks, so scammers had to find another way to hit the bull’s eye. That’s where Facebook Events with a hidden agenda stepped in: getting people to attend and click the malicious links planted on the Event page. As Facebook comes up with security measures to deal with these fake Events, newer types of scam are being developed and will take the stage.

But what’s a rule without an exception? It was Leo (da Vinci, not DiCaprio) who said “simplicity is the ultimate sophistication” and scammers couldn’t agree more. Just as the great Leo literally squared the circle with his Vitruvian Man, some scammers are going about their business on the CAPTCHA square.

But let’s not get ahead of ourselves here.

First step: the bait.

Nothing special about it: it’s just something that can be used all year long and should draw attention immediately.

One click, and there goes the CAPTCHA trap. Let’s try to dismantle it:

1. Check out the highlighted URL at the top of the screenshot. ‘fb_comment’ is quite a strange element to find in the URL argument. What does that have to do with a CAPTCHA?

2. CAPTCHAs are usually made up of 2 words that the user must recognize. While one is pretty clear, the other should be more difficult (though not impossible) to decipher, to avoid automated recognition. In the example above, both words are crystal clear. They are designed to be easily recognized so no user is stuck at this step.

3. A closer look at the ‘SUBMIT’ button will reveal that the word ‘Comment’ appears somewhere in the background.

As things have been made very easy for all potential victims, chances are that plenty of people will enter the ‘ha haha’ words in the text box and click ‘SUBMIT’ only to end up in a classic survey maze.

While the survey loads, a new post (advertising the scam) will also make its way to the user’s Facebook Wall/Profile as the fake CAPTCHA is, in fact, a Facebook comment dialogue in disguise. Isn’t that neat?

Less hassle for the creators of the scam sometimes translates into more users fooled!
