Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with facebook
Showing posts in English
Avdhoot Patil | 19 Aug 2014 23:33:39 GMT

Phishers are known for capitalizing on current events and using them in their phishing campaigns. Celebrity scandals are popular and Symantec recently observed a phishing attack on the Facebook platform that claimed to have the sex tape of well-known Filipino television host and news anchor Paolo Bediones. Paolo Bediones became a hot topic last month when an adult video featuring a person resembling this TV host appeared online.

Symantec discovered a fake Facebook site behind a campaign that offered the "sex scandal" video of Paolo Bediones.

image1_0.jpg

Figure. Phishing site requests user login, then steals credentials

A message on the phishing site requests users to login to watch the full sex video. If users enter their Facebook login credentials, the phishing page...

Satnam Narang | 14 Aug 2014 21:32:10 GMT

Within 48 hours of the news surrounding the death of actor and comedian Robin Williams, scammers honed in on the public’s interest and grief. There is currently a scam campaign circulating on Facebook claiming to be a goodbye video recorded by the actor just before his death.
 

fbscam-bbcnews-rw.png

Figure 1. Fake BBC news site with fake Robin Williams goodbye video
 

There is no video. Users that click on the link to the supposed video are taken to a fake BBC News website. As with many social scams, users are required to perform actions before they can view the content. In this case, users are instructed to share the video on Facebook before watching.
 

fbscam-share-numbers.png

Figure 2. Facebook share dialog with fake...

Ankit Singh | 22 Jul 2014 22:25:38 GMT

Facebook Scam.png

Contributor: Himanshu Anand

Facebook scams are a regular occurrence in today’s world, but attackers have become more aggressive and are now using Facebook scams to exploit a user’s system. Normally Facebook scams trick users into filling out fake surveys, or sharing videos and pictures. It is very rare that a scam redirects to an exploit kit, but in the case of one famous Facebook scam targeting users who wanted to work from home, that was exactly what happened. The “EXPOSED: Mom Makes $8,000/Month” scam, which we observed recently, redirected users to the Nuclear exploit kit. This particular scam has since been removed by Facebook.

Facebook Scam 2.png

Figure 1....

Satnam Narang | 30 Apr 2014 10:17:09 GMT

Late last week, Facebook users in India were tricked by scammers who were claiming to offer a tool that could hack Facebook in order to obtain passwords belonging to the users’ friends. Unfortunately for these users, they actually ended up hacking their own accounts for the scammers and exposed their friends in the process.

Figure1_11.png

Figure 1. Scam promoting how to hack your Facebook friends

Want to hack your friends?
A post began circulating on Facebook from a particular page featuring a video with instructions on “Facebook Hacking” with a disclaimer stating that it was for education purposes only. The post links to a document hosted on Google Drive that contains some code that, according to the scam, will allow users to reveal their friends’ Facebook passwords. The instructions attempt to convince the user to paste...

Avdhoot Patil | 11 Apr 2014 11:11:40 GMT

Politicians are frequently featured on phishing sites and in light of the ongoing general election in India, phishers are starting to target Indian users by using a local politician and his party as bait. 

Symantec recently observed a phishing site which spoofs Facebook’s appearance and includes Arvind Kejariwal, the former chief minister of New Delhi and leader of the Aam Aadmi Party. The phishing site was hosted on servers based in Lansing, Michigan in the US. 

figure1_facebookspam.png
Figure 1. A fake Facebook “like” button and a picture of Arvind Kejariwal on the phishing site

As seen in the previous image, the phishing site, titled “Unite With Us Against Corruption”, uses a poster of the Aam Aadmi Party along with a fake Facebook “like” button. The site’s background image is a picture of the party’s leader Arvind Kejariwal...

Candid Wueest | 14 Jan 2014 22:40:15 GMT

The rise of “rest in peace” scam messages on social media sites continues. Jackie Chan, Morgan Freeman, Will Smith, Keanu Reeves, and Rihanna are only a few of the celebrities that have been proclaimed dead in recent scams. The sensational messages usually include links to a video. Before the user gets to see the video, they are tricked into manually sharing the bait message with all of their family and friends in order to spread the scam further. Even after sharing the post, the user will still not be able to see the fake video. Rather, they will be redirected to a site with advertisements that asks the user to fill out a survey. The ads and surveys generate revenue for the scammer. Other variants of the scam ask the user to download a malicious browser extension or application. This kind of scam is not new, but as long as they make money, they will continue.

...

Avdhoot Patil | 09 Oct 2013 12:25:44 GMT
Contributor: Daniel Regalado Arias
 
Phishers frequently introduce bogus applications to add new flavor into their phishing baits. Let’s have a look at a new fake app that phishers are leveraging. In this particular scam, phishers were trying to steal login credentials, but their means of data theft wasn’t with the phishing bait alone. Their ploy also used malware for harvesting users’ confidential information. The phishing site spoofed the login page of Facebook and was hosted on a free web hosting site.
 
figure1_0.png
Figure 1: The phishing site that spoofed the appearance of Facebook’s login page
 
The phishing site boasted that the application would enable users to view a list of people who visited their profile page. The site offered two options...
Symantec Security Response | 26 Jun 2013 23:05:46 GMT

Today we released a new version of Norton Mobile Security for Android devices that contains our new Norton Mobile Insight technology. Mobile Insight has analyzed over 4 million Android applications and processes tens of thousands of new applications every day. Through automatic and proprietary static and dynamic analysis techniques, Mobile Insight is able to automatically discover malicious applications, privacy risks, and potentially intrusive behavior. Further, Mobile Insight will tell you exactly what risky behavior an application will perform and give you specific, relevant, and actionable information.

The ability of Mobile Insight to automatically provide granular information on the behavior of any Android application even surprised us when we reviewed the most popular applications exhibiting privacy leaks. 

Of particular note, Mobile Insight automatically flagged the...

Satnam Narang | 18 Jun 2013 20:59:50 GMT

For sports fans, the most exciting time of the year is the post season. It is when the underdogs have a chance to topple the better teams in the league, or last year's champions are trying to win it again. Depending on the sport, these events can draw a lot of viewers, whether it is a single event or a seven game series. So, its no surprise there are sites that claim to offer fans the ability to watch these events online.

Right now, we are in the midst of the NBA finals pitting some of the finest players in the league against each other in their quest to win it all. The series was just tied 2-2 before Game 5 on Sunday. On that day, some Facebook users may have seen pages offering a free live stream of the game.
 

image1_2.jpeg

Figure 1....

Satnam Narang | 12 Jun 2013 16:30:31 GMT

Friedrich Nietzsche, a German philosopher, once said that, “without music, life would be a mistake.” This resonates with me, as someone with a profound love and appreciation for music. Like many fans, I’m an avid concert and festival attendee. Just last year, I attended a number of music festivals, from Coachella to Rock The Bells.

Last year’s Coachella music festival sold out quickly. While my friends and I managed to secure tickets, not everyone was so lucky. Shortly after ticket sales ended, I observed a Facebook fan page offering “free tickets” to users who liked the page. It had close to 10,000 likes but contained little information. I started warning friends that the page was a scam. The page was eventually taken down, with no free tickets awarded after all.

These types of online ticket scams may not seem common, but that perception is precisely why an offer like this—whether through social networking or email—may...