3 min read

Tagging me, tagging you/ Is there nothing we can do?

Ioana Jelea

April 08, 2011

Tagging me, tagging you/ Is there nothing we can do?

Here’s the story of a scam that won’t make you feel like a Dancing Queen. It might even make Fernando scream. ABBA….about what? Well, about scammers having figured out how to further refine their highjacking techniques. Remember our friends, the Likejacks? Now meet their photo-addict cousins: the Tagjacks.

First, we’ve got a post in which you were apparently tagged in a friend’s photo album, by that very friend.

Nothing fishy, so far, except for a couple of details. The thumbnail on display represents a sexy girl. What’s wrong with that? Well, you may remember that we’ve already warned you against accessing shared photos or movies that promise to reveal sensational/shocking content.

If that did not give you any doubts about the legitimacy of this app, then how about reading the (not so) small print next to the thumbnail: “wow this works>> now you can see who your top facebook profile stalkers are!”. Really, now! This is quite an old bait that’s been used and re-used a gazillion times.

But as our friend, 00.7, the world’s least-known secret agent once said: “Love your stalkers as you love thyself” (or something of the sort), let’s see what happens if you actually follow the link. Voila!

Strangely familiar, isn’t it? Next move? Click login. Just like the doctor ordered.

Ta-daaaaaaaaaaaaaaaam! Permissions. Only two, it’s true, but they’re more than enough. Access my basic info will allow the app to find out the user’s list of friends, whereas the Post to Wall permission will enable it to post messages AND photos to the user’s wall. How convenient!

 

Click Allow, and that’s where the fun ends.

It’s the nauseating maze of content unlocking tricks that never work.

So, what happens after all? You end up with a new addition to your gallery: the sexy girl’s photo. Plus all of your contacts will be tagged in that photo so that the scam gets better visibility. Let’s not forget about the messages posted to all of your friends’ walls (announcing that they’ve been tagged).

All of this will trigger a very interesting water ripple effect (as illustrated below):

FRIEND A (clicked the link) -> FRIEND B* (gets a post on the wall about being tagged, may or may not click the link) -> FRIEND C* (sees the post about B being tagged and has access to the bad link even if B does not click it)

*B is A’s friend and C is B’s friend

Extra viral effect, say you? Right you are!

As scammers are getting greedier and their arsenal relies more heavily on the social platform’s legitimate functions, you should be looking out for the slightest sign of trouble before installing an application. Some guidelines on how to tell a good app from a bad one, here.

Don’t forget that:

–          No legitimate app can tell you how many times your profile has been viewed, who your stalkers/peekers are, who spied on you on the social platform.

–          You should take a good look at the list of permissions an app requests.

–          Shared controversial photos/videos are very likely to hide all sorts of traps.

This article is based on the technical information provided courtesy of George Petre, BitDefender Threat Intelligence Team leader

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

tags


Author



Right now

Top posts

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read
Mobile security threats: reality or myth?

Mobile security threats: reality or myth?

June 13, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

How to keep your Android device immune to malicious vaccine themed apps How to keep your Android device immune to malicious vaccine themed apps
Cristina POPOV

April 22, 2021

2 min read
Facebook Takes Down Two Hacking Groups Operating out of Palestine Facebook Takes Down Two Hacking Groups Operating out of Palestine
Silviu STAHIE

April 22, 2021

2 min read
Ransomware attack causes supermarket cheese shortage in the Netherlands Ransomware attack causes supermarket cheese shortage in the Netherlands
Graham CLULEY

April 13, 2021

2 min read