Feeds

Survey scammers serve up supposed shelter from survey scams

Kind of ironic when you think about it

High performance access to file storage

Cheeky scammers are offering prospective marks an application that supposedly shields them from exposure to survey scams.

Naturally, you first have to fill in a survey to install the script, which is punted through Userscripts(dot)org. Odds are that even after jumping through these hoops users will still be exposed to surveys and, possibly, left at a heightened risk of malware infection.

"'Only install scripts from sources you trust' is on the install box for a reason," security researcher Christopher Boyd, of GFI Security, notes.

Boyd's write-up of the scam can be found here.

Survey scams are becoming increasing common on social networks. Scammers (affiliates) profit from wasting surfers' time with the Web 2.0 equivalent of email spam. Often the spammers attempt to hoodwink users into signing up to premium rate SMS services.

A study by F-Secure, published last week, took advantage of the web analytic tools used by scammers to investigate the response rates of survey scams.

For example, one recent social network spam run, themed around McDonalds, attracted 32,000 clicks, and a conversion rate of 40 percent.

F-Secure notes that these sizeable figures are lower than those pulled in by earlier scams. A survey scam that used supposed footage of a teacher beating a disobedient student pulled in 140,000 hits six weeks ago, for example, because users are getting wise to the ruse.

"The 32,000 clicks is far less than similar spam from just two months ago when we saw several examples of viral links that yielded hundreds of thousands of clicks," writes Sean Sullivan, a security advisor at F-Secure.

"Returns are diminishing as people are exposed, develop a resistance, and recognise Facebook spam for what it is."

Despite increased user awareness, however, it's unlikely that survey spam scams will disappear anytime soon, F-Secure warns.

"Social networking spammers don't need to dupe very many people in order to be rewarded for their efforts," said Sullivan. "Many of the surveys lead to SMS subscriptions (particularly outside of the USA) and there's good money to be made.

"And because the conversion rates are better than e-mail spam, you can be certain that it won't be going away any time soon." ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS
Agency forgets it exists to protect communications, not just spy on them
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.