Feeds

Survey scammers serve up supposed shelter from survey scams

Kind of ironic when you think about it

Top three mobile application threats

Cheeky scammers are offering prospective marks an application that supposedly shields them from exposure to survey scams.

Naturally, you first have to fill in a survey to install the script, which is punted through Userscripts(dot)org. Odds are that even after jumping through these hoops users will still be exposed to surveys and, possibly, left at a heightened risk of malware infection.

"'Only install scripts from sources you trust' is on the install box for a reason," security researcher Christopher Boyd, of GFI Security, notes.

Boyd's write-up of the scam can be found here.

Survey scams are becoming increasing common on social networks. Scammers (affiliates) profit from wasting surfers' time with the Web 2.0 equivalent of email spam. Often the spammers attempt to hoodwink users into signing up to premium rate SMS services.

A study by F-Secure, published last week, took advantage of the web analytic tools used by scammers to investigate the response rates of survey scams.

For example, one recent social network spam run, themed around McDonalds, attracted 32,000 clicks, and a conversion rate of 40 percent.

F-Secure notes that these sizeable figures are lower than those pulled in by earlier scams. A survey scam that used supposed footage of a teacher beating a disobedient student pulled in 140,000 hits six weeks ago, for example, because users are getting wise to the ruse.

"The 32,000 clicks is far less than similar spam from just two months ago when we saw several examples of viral links that yielded hundreds of thousands of clicks," writes Sean Sullivan, a security advisor at F-Secure.

"Returns are diminishing as people are exposed, develop a resistance, and recognise Facebook spam for what it is."

Despite increased user awareness, however, it's unlikely that survey spam scams will disappear anytime soon, F-Secure warns.

"Social networking spammers don't need to dupe very many people in order to be rewarded for their efforts," said Sullivan. "Many of the surveys lead to SMS subscriptions (particularly outside of the USA) and there's good money to be made.

"And because the conversion rates are better than e-mail spam, you can be certain that it won't be going away any time soon." ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Canadian taxman says hundreds pierced by Heartbleed SSL skewer
900 social insurance numbers nicked, says revenue watchman
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
Burnt out on patches this month? Oracle's got 104 MORE fixes for you
Mass patch for issues across its software catalog
Reddit users discover iOS malware threat
'Unflod Baby Panda' looks to snatch Apple IDs
Oracle working on at least 13 Heartbleed fixes
Big Red's cloud is safe and Oracle Linux 6 has been patched, but Java has some issues
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.