Thousands Scammed by Facebook Starbucks App

Guest Blog Post by Brittany Lyons

For many Facebook users, the offer of free Starbucks gift cards is simply too much to pass up. Recently, many users clicked on just such a link that popped up in their friends’ status updates, after those friends had “liked” the page. Instead of taking them to a legitimate corporate website, the users were directed to a fraudulent website, where they gave up their private information in order to receive the non-existent gift cards.
Facebook scams like these are not a new occurrence. In August of 2010, the statuses of users’ Facebook pages were flooded with messages letting people know that Justin Bieber was giving away free concert tickets. When users clicked the link, they went to a Facebook application page that asked for the user’s mobile phone number in order to enter a contest to win £50,000 (80,000 USD). The catch is that it was also a premium service that charged £4.50 (7 USD) to the mobile phone bill once a week.
The one thing that Justin Bieber and Starbucks have in common is an extremely large fan base, and thus more potential victims who scammers can target. This is also why scams will often be disguised as popular services like online PhD programs. That large number of potential victims is then multiplied by the number of friends that these fans have, and scams like these get passed along from friend to friend like wildfire. It is possible that thousands of people may have given up their personal information before the Starbucks scam app was removed by Facebook.
This connection between friends is what makes Facebook scams different than the email spam messages of the past. Email spam would just get sent to random people, typically by unknown senders, which made them relatively easy to block, filter or just ignore. Facebook scams, on the other hand, rely on trusted connections between friends in order to spread. Once someone has clicked on the link, the app re-posts that same link on their status, sending it out to all of their connections. Since a Facebook user would not be as suspicious of a message or link from a friend as they would with a random sender, there is a better chance of them opening the scam link or message and passing it on.
To avoid scams like this, it’s important to know the posting habits of your friends. For example, if friends are posting links when they normally do not post links, or they are linking to something you don’t think they are a fan of, there is a good chance that they have been scammed and didn’t even post the link in the first place. Most of these links are actually rogue Facebook apps installed on a user’s Facebook page. If you are ever taken to a Facebook application install page, pay attention to whether or not the application asks for authorization to post on your wall, and think carefully before granting that authorization—your friends will thank you.
Users should also avoid giving out personal information as a rule, especially in the case of promotional offers. Check the security setting on your Facebook profile, so that you are using “secure browsing”–that means there is an “https://” in front of the page URL rather than the “http://” that’s more common. Secure browsing has a tendency to block all apps, rather than just the scams, but the extra step it takes to open a link will prompt you to think twice about how secure it is. Finally, users can also keep track of ongoing scams and frauds by checking the Facebook page of Sophos, a company that monitors and reports scams, viruses and frauds that are spread throughout the Internet.
Overall, the best mentality to have when seeing promotions that offer gift cards and other goodies on Facebook is this: if something seems to be too good to be true, then it probably is.

————————
Brittany Lyons aspires to be a psychology professor, but decided to take some time off from grad school to help people learn to navigate the academic lifestyle. She currently lives in Spokane, Washington, where she spends her time reading science fiction and walking her dog.

Facebook “Dislike Button” Scam

If you are on Facebook, you have seen the “Like” button underneath users’ posts, which is a cute way to let people know that you agree with or “like” what they said without having to post a comment. For years, people have been saying that Facebook should also have a “Dislike” button, so many Facebook users eagerly downloaded a recent program that said it loaded the new “Dislike” button to your profile.

This program will ask you to download an application, which then brings up several surveys asking for personal information, and in the end you do get a “Dislike” button but you are also automatically signed up for a $5 per month cell phone charge.

Here is a link to a video report on this scam:

http://www.youtube.com/watch?v=ei9GGyz1uWc&feature=player_embedded

Did you know . . .

That Facebook recently changed its privacy settings? Now they can share your personal information with large companies WITHOUT YOUR APPROVAL! What is the point of having an account with settings so that only certain people can view your account if they are going to give the info to anyone they want?

Senator Al Franken recently asked Facebook to change their policies.  The Electronic Privacy Information Center is also asking the FTC to do something about this issue.

Until Facebook does change their policy, you can opt out of having your information shared with third parties.

You can complete the whole process in a few minutes using the links below and your browser’s ‘back’ button. Here is how:

  1. First, log into Facebook in a new window or tab.
  2. Next, go to the “Instant Personalization” page (under Account/Privacy Settings/Applications and Websites) and uncheck the “allow” box.
  3. To prevent the third parties from accessing your information through your friends who have not opted out, you need to visit Pandora, Microsoft, and Yelp and click on the “Block Application” link in the upper left corner of the page.
  4. Finally, check Facebook’s “Help Center” frequently to see an up-to-date list of applications that need to be individually blocked to maintain your privacy.

The Facebook Email

More Facebook login scam emails . . . I had 19 of them in my SPAM folder!

Below are the email addresses from this scam email. I like to post these in case someone does a Google search on them.

Subject: New login system

Dear Facebook user,

In an effort to make your online experience safer and more enjoyable, Facebook will be implementing a new login system that will affect all Facebook users. These changes will offer new features and increased account security.
Before you are able to use the new login system, you will be required to update your account.

Please click on the link below to update your account online now:

If you have any questions, reference our New User Guide.

Thanks,
The Facebook Team

Facebook Login Scam

I was checking my spam folder for scam emails, like I always do, and I found TWO from different email accounts with the same Facebook Login Scam. Below is a copy of the text along with the email addresses that they were sent from.

Subject: new login system

From: update+fronaltlwvdsv@facebookmail.com

From: update+gbidzxt@facebookmail.com

Dear Facebook user, In an effort to make your online experience safer and more enjoyable, Facebook will be implementing a new login system that will affect all Facebook users. These changes will offer new features and increased account security.

Before you are able to use the new login system, you will be required to update your account. Click here to update your account online now. If you have any questions, reference our New User Guide.

Thanks, The Facebook Team

——————

If you receive a similar email, do not click on the links in it. This is how the scammer gets your Facebook account, and maybe other information about you.

Be safe!

Scammers and Social Networking Sites

This information is re-posted from the FBI Press Release Page

Fraudsters continue to hijack accounts on social networking sites and spread malicious software by using various techniques. One technique involves the use of spam to promote phishing sites, claiming there has been a violation of the terms of agreement or some other type of issue which needs to be resolved. Other spam entices users to download an application or view a video. Some spam appears to be sent from users’ “friends”, giving the perception of being legitimate. Once the user responds to the phishing site, downloads the application, or clicks on the video link, their computer, telephone or other digital device becomes infected.

Another technique used by fraudsters involves applications advertised on social networking sites, which appear legitimate; however, some of these applications install malicious code or rogue anti-virus software. Other malicious software gives the fraudsters access to your profile and personal information. These programs will automatically send messages to your “friends” list, instructing them to download the new application too.

Infected users are often unknowingly spreading additional malware by having infected websites posted on their webpage without their knowledge. Friends are then more apt to click on these sites since they appear to be endorsed by their contacts.

Tips on avoiding these tactics:

Adjust website privacy settings. Some networking sites have provided useful options to assist in adjusting these settings to help protect your identity.

Be selective of your friends. Once selected, your “friends” can access any information marked as “viewable by all friends.”

You can select those who have “limited” access to your profile. This is for those whom you do not wish to give full friend status to or with whom you feel uncomfortable sharing personal information.

Disable options and then open them one by one such as texting and photo sharing capabilities. Users should consider how they want to use the social networking site. If it is only to keep in touch with people then perhaps it would be better to turn off the extra options which will not be used.

Be careful what you click on. Just because someone posts a link or video to their “wall” does not mean it is safe.

Those interested in becoming a user of a social networking site and/or current users are recommended to familiarize themselves with the site’s policies and procedures before encountering such a problem.

Each social networking site may have different procedures on how to handle a hijacked or infected account; therefore, you may want to reference their help or FAQ page for instructions.

Individuals who experienced such incidents are encouraged to file a complaint at www.IC3.gov reporting the incident.

———————
Shawn Mosch
Co-Founder of ScamVictimsUnited.com


Social Networking Friend Scam

This is from a Press Release from the FBI today

No, Your Social Networking “Friend” Isn’t Really in Trouble Overseas

According to the Internet Crime Complaint Center (IC3), there has been an increase in the number of hijacked social networking accounts reported to http://www.ic3.gov.

One of the more popular scams involves online criminals planting malicious software and code onto victim computers. It starts by someone opening a spam e-mail, sometimes from another hijacked friend’s account.

When opened, the spam allows the cyber intruders to steal passwords for any account on the computer, including social networking sites. The thieves then change the user’s passwords and eventually send out distress messages claiming they are in some sort of legal or medical peril and requesting money from their social networking contacts.

So far, nearly 3,200 cases of account hijackings have been reported to the IC3 since 2006.

Cyber thieves are also using spam to promote phishing sites, claiming a violation of the terms of service agreement or creating some other issue which needs to be resolved. Other spam entices users to download an application or view a video. Some of these messages appear to be sent from friends, giving the perception of legitimacy. Once the user responds to a phishing site, downloads an application, or clicks on a video link, the electronic device they’re using becomes infected.

Some applications advertised on social networking sites appear legitimate but install malicious code or rogue anti-virus software. These empty applications can give cyber criminals access to your profile and personal information. These programs will automatically send messages to your contacts, instructing them to download the new application too.

Infected users are often unknowingly spreading malware by having links to infected websites posted on their webpage without the user’s knowledge. Since the e-mail or video link appears to be endorsed by a friend, social networking contacts are more likely to click on these links.

Although social networking sites are generally a safe place to interact with friends and acquaintances, keep in mind these suggestions to protect yourself while navigating the Internet:

Adjust website privacy settings. Some networking sites have provided useful options to assist in adjusting settings to help protect your identity.
Be selective when adding friends. Once added, contacts can access any information marked as viewable by all friends.
Limit access to your profile to only those contacts you trust with your personal information.
Disable options, such as photo sharing, that you might not regularly use. You can always enable these options later.
Be careful what you click on. Just because someone posts a link or video to their wall does not mean it is safe.
Familiarize yourself with the security and privacy settings and learn how to report a compromised account.
Each social networking site may have different procedures on how to handle a hijacked or infected account; therefore, you may want to reference their help or FAQ page for instructions.
If your account has been hijacked or infected, report it by visiting www.ic3.gov or www.lookstoogoodtobetrue.com.

The Internet Crime Complaint Center is a partnership between the FBI and National White Collar Crime Center (NW3C).