Feeds

Grifters punt 'get rich quick' scams at Facebook users

Social networking marks made an offer you can refuse

Protecting users from Firesheep and other Sidejacking attacks with SSL

Grifters are using Facebook to lend credibility to an elaborate get rich quick scam designed to trick punters into handing over credit card details.

The ruse begins with an ad on Facebook touting an offer to "get paid for posting links – Google will pay you great money for doing this". Users who respond to the come-on by clicking on a link are taken to a page where someone who's supposedly become rich through the scheme relates his story.

On the same page there’s a link to something called a "Google advertising" kit. Surfers who decide to find more about this are taken to a page called emillionaire.inc

This, in turn, leads to another page where punters are invited to enter their details to see if they’re eligible for this type of job. Only prospective marks from the UK, US, Canada and Australia are eligible. Prospective marks are invited to pay $1.90, using a debit or credit card, to take part.

Users receive nothing in return promoting complaints on Facebook from punters who have been taken in by the ruse, net security firm Trend Micro reports.

"There’s a forum where someone called 'Sophie from Belfast' is seeking advice as she fell for the scam and is now afraid her details are out there somewhere. Someone else from the US has also posted complaints that money had been taken from her," according to Rik Ferguson, senior security advisor at Trend Micro.

"Facebook Inc is obviously realising revenue from the advertisements they serve on behalf of these scammers, which calls into doubt the efficacy of Facebook's advertiser vetting procedure," Ferguson told El Reg.

An example of a dubious money making ad circulating on Facebook can be found here.

In other Facebook-related security threat news, a picture ruse that first appeared in November has been given a new lease of life, Trend reports.

Targeted Facebook users are informed that they have been "tagged" in an album by a currently online friend. Users are invited to visit a site called Stealpics.com but this is just a ruse designed to get users onto a site punting an electronic credit card at hugely disadvantageous terms.

Previous versions of the album tagging bait sent users on a merry dance while harvesting email addresses but nothing to do with duping them into signing up for services of dubious worth, as with the latest variant of the approach. ®

The next step in data security

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.