Why these Facebook voucher scams are so dangerous.

OK, so once again, another of these Facebook scams is doing the rounds. This time they use ASOS and tout a voucher of varying values. We’re seeing a spike in UK, Cyprus and Greek based victims. Since it’s a new year, we figured we’d take a few minutes to warn you about why sometimes it’s not worth ‘just giving it a try’.

Also worth the read: How to spot a Scam on Facebook before it’s too late and How to get rid of a Facebook Worm in 4 steps.

a. These worms don’t spread on stupidity, they spread on trust.

These spread like wildfire because people trust their ‘friends’. The worms/scams are designed to abuse that trust. Why do you think they share ‘thank you’ or ‘omg this is amazing’ instead of ‘this is a legitimate voucher, trust me, honestly’?

This leads us to reason number 1 for not falling for this. You slowly chip away at your own personal reputation. Nobody likes the guy who introduced them to that last pyramid scheme that went bust before payday. Don’t be that guy (or girl).

b. Drive-by attacks.

Not like in those gangster flicks, but in the digital sense. Hackers find, learn or know about little security holes in so many pieces of software that it would blow our minds trying to block them all.

A drive-by attack, in principle, works like so:

  1. Simon lands on the page.
  2. A little script, let’s call him SneakyMalwareBot3.2, or Little B for short, quickly checks if any of these ‘holes’ can be found on Simon’s computer whilst he tries to close the window or fills out the form.
  3. If Little B finds that a hole is available, he throws his friend BigTrojanDude4.2 (Big B for those keeping track) through the hole.
  4. Big B lands safely on Simon’s computer, without him having the foggiest idea, and starts setting up a block party for his whole crew and their friends.
  5. These badasses start stealing passwords, photos, documents, history, etc. and sending them back to their home base in a cloud somewhere.

All in all, Simon has no clue and he’s been infected because he trusted you about the link shared on your wall. So it’s just as much your fault as it is his.

c. Phishing & Spear Phishing

Phishing is the art of confusing people into thinking the page they’re on is legitimate and thus when they put in their login details they’re being sent to the right people, securely. These have gotten more and more advanced, using redirects to make you think you did get logged on but something broke.

Hackers know you have a short attention span, so they make it seem as legit as possible, knowing you’ll probably say ‘oooh well’ and get distracted by a picture of a kitten or something.

These pages allow hackers to steal your passwords and user details, like username and secret questions, so they can take over/gain access to your accounts.

Spear Phishing is when they target people through a, b and c, knowing full well that they can fool people by abusing online trust.

Here’s how it could work in practice:

  1. Senator Bob Marlee (yea I know, it’s misspelled on purpose) only uses Facebook to chat to his close friends and family.
  2. In that group is Little Ow Ow (his nephew) who is like us, and loves oversharing.
  3. One day Little Ow Ow sees that he can get a free trip to San Trope. It seems legit as 10 of his friends have already shared it with different messages. So he clicks on it, gets involved, and then gets redirected to a page that looks broken. He thinks nothing of it, and goes on with his 9gag browsing.
  4. But Little Ow Ow’s cousin saw he shared it, and since Ow Ow knows much more about tech than she does, it makes sense and it appears legit.
  5. From cousin to friend to cousin to brother to mother the cycle continues.
  6. This is until Senator BM sees a shared link from his brother or sister or other trusted source.
  7. He ends up being made vulnerable through his trust in his network.

So breaking it down, think before you click, read our guide for how to detect scams and get in touch via the comments if you have any questions.


© ektagon LLC
New Jersey, USA