Thousands Scammed by Facebook Starbucks App

Guest Blog Post by Brittany Lyons ~ 

For many Facebook users, the offer of free Starbucks gift cards is simply too much to pass up. Recently, many users clicked on just such a link that popped up in their friends’ status updates, after those friends had “liked” the page. Instead of taking them to a legitimate corporate website, the users were directed to a fraudulent website, where they gave up their private information in order to receive the non-existent gift cards.

Facebook scams like these are not a new occurrence. In August of 2010, the statuses of users’ Facebook pages were flooded with messages letting people know that Justin Bieber was giving away free concert tickets. When users clicked the link, they went to a Facebook application page that asked for the user’s mobile phone number in order to enter a contest to win £50,000 (80,000 USD). The catch is that it was also a premium service that charged £4.50 (7 USD) to the mobile phone bill once a week.

The one thing that Justin Bieber and Starbucks have in common is an extremely large fan base, and thus more potential victims who scammers can target. This is also why scams will often be disguised as popular services like online PhD programs. That large number of potential victims is then multiplied by the number of friends that these fans have, and scams like these get passed along from friend to friend like wildfire. It is possible that thousands of people may have given up their personal information before the Starbucks scam app was removed by Facebook.

This connection between friends is what makes Facebook scams different than the email spam messages of the past. Email spam would just get sent to random people, typically by unknown senders, which made them relatively easy to block, filter or just ignore. Facebook scams, on the other hand, rely on trusted connections between friends in order to spread. Once someone has clicked on the link, the app re-posts that same link on their status, sending it out to all of their connections. Since a Facebook user would not be as suspicious of a message or link from a friend as they would with a random sender, there is a better chance of them opening the scam link or message and passing it on.

To avoid scams like this, it’s important to know the posting habits of your friends. For example, if friends are posting links when they normally do not post links, or they are linking to something you don’t think they are a fan of, there is a good chance that they have been scammed and didn’t even post the link in the first place. Most of these links are actually rogue Facebook apps installed on a user’s Facebook page. If you are ever taken to a Facebook application install page, pay attention to whether or not the application asks for authorization to post on your wall, and think carefully before granting that authorization—your friends will thank you.

Users should also avoid giving out personal information as a rule, especially in the case of promotional offers. Check the security setting on your Facebook profile, so that you are using “secure browsing”–that means there is an “https://” in front of the page URL rather than the “http://” that’s more common. Secure browsing has a tendency to block all apps, rather than just the scams, but the extra step it takes to open a link will prompt you to think twice about how secure it is. Finally, users can also keep track of ongoing scams and frauds by checking the Facebook page of Sophos, a company that monitors and reports scams, viruses and frauds that are spread throughout the Internet.

Overall, the best mentality to have when seeing promotions that offer gift cards and other goodies on Facebook is this: if something seems to be too good to be true, then it probably is.

————————

Brittany Lyons aspires to be a psychology professor, but decided to take some time off from grad school to help people learn to navigate the academic lifestyle. She currently lives in Spokane, Washington, where she spends her time reading science fiction and walking her dog.

Facebook “Dislike Button” Scam

If you are on Facebook you have seen the “Like” button underneath users’s post, which is a cute way to let people know that you agree with or “like” what they said, without having to post a comment. For years, people have been saying that they should also have a “Dislike” button, so many Facebook users eagerly download a recent program that said it loaded the new “Dislike” button to your profile.

This program will ask you to download an application, which then brings up several surveys asking for personal information, and in the end you do get a “Dislike” button but you are also automatically signed up for a $5 per month cell phone charge.

Here is a link to a video report on this scam

http://www.youtube.com/watch?v=ei9GGyz1uWc&feature=player_embedded

Helping a friend . . . or are you?

As always, I have to share the warnings from the FBI. We have seen this scam a lot on social networking sites like Facebook. One tip, if the person contacting you does NOT have children, ask them “Are the kids with you?” and if they say “Yes, they are.” or “No, they are safe at home.” then you know it is a scam.

Evaluate Appeals for Help from Friends Traveling Abroad with Caution

The Internet Crime Complaint Center continues to receive reports of individuals’ e-mail or social networking accounts being compromised and used in a social engineering scam to swindle consumers out of thousands of dollars.

Here’s how it works: Hackers infiltrate your social networking page, claim to be you, and write your contacts/friends. They portray themselves as “victims” who were robbed while traveling abroad and state they need money immediately because they don’t have a passport, money, credit cards, or cell phone and are stranded.

Some claim they only have a few days to pay their hotel bill and promise to reimburse costs upon their return home. Recipients may be tempted to respond to these appeals because they appear to be from a friend and there’s a sense of urgency to help.

If you receive a similar notice and aren’t sure if it is a scam, you should always verify the information before sending any money. If you have been a victim of this type of scam or any other cyber crime, report it to the IC3 website at http://www.IC3.gov.

The IC3’s database links complaints for potential referral to the appropriate law enforcement agency for case consideration. Complaint information is also used to identity emerging trends and patterns.

http://www.fbi.gov/pressrel/pressrel10/evaluate070210.htm

Did you know . . .

That Facebook recently changed it’s privacy settings? Now they can share your personal information with large companies WITHOUT YOUR APPROVAL! What is the point of having an account with settings so that only certain people can view your account if they are going to give the info to anyone they want.

Senator Al Franken recently asked Facebook to change their policies.  The Electronic Privacy Information Center is also asking the FTC to do something about this issue.

Until Facebook does change their policy you can opt-out of having your information shared with third parities.

You can complete the whole process in a few minutes using the links below and your browser’s ‘back’ button. Here is how:

1. First, log into Facebook in a new window or tab.
2. Next, go to the “Instant Personalization” page (under Account/Privacy Settings/Applications and Websites) and uncheck the “allow” box.
3. To prevent the third parties from accessing your information through your friends who have not opted out, you need to visit Pandora, Microsoft, and Yelp and click on the “Block Application” link in the upper left corner of the page.
4. Finally, check Facebook’s “Help Center” frequently to see an up-to-date list of applications that need to be individually blocked to maintain your privacy.

The Facebook Email

More Facebook login scam emails . . . I had 19 of them in my SPAM folder!

Below are the email addresses from this scam email. I like to post these in case someone does a google search on them.

Subject: New login system
From: update+rgogqpctttsr@facebookmail.com
Reply To: disorient47@sira.net
From: update+dliugby@facebookmail.com
Reply To: codependent465@sssheet.com
update+lnncltkgyzup@facebookmail.com
From: update+ghswbfz@facebookmail.com
From: update+ljeuhyagcq@facebookmail.com
update+yvesfftsiqywhv@facebookmail.com
update+wraywxbjjgz@facebookmail.com
update+mzbdzhlqdfz@facebookmail.com
update+pzgxnjof@facebookmail.com
update+gmgnlbscafdv@facebookmail.com
update+ibwxqcwwrlfnm@facebookmail.com
update+aqcavrtnuzbik@facebookmail.com
update+oinecjo@facebookmail.com
update+opuhqlwsknknf@facebookmail.com
update+mxwiwbc@facebookmail.com
update+vbizdtnyxnt@facebookmail.com
update+gpksidnvuak@facebookmail.com
update+ydvejcd@facebookmail.com
update+clvwaojhtxpilz@facebookmail.com

Dear Facebook user,

In an effort to make your online experience safer and more enjoyable, Facebook will be implementing a new login system that will affect all Facebook users. These changes will offer new features and increased account security.
Before you are able to use the new login system, you will be required to update your account.

Please click on the link below to update your account online now:

If you have any questions, reference our New User Guide.

Thanks,
The Facebook Team

Facebook Login Scam

I was checking my spam folder for scam emails, like I always do, and I found TWO from different email accounts with the same Facebook Login Scam. Below is a copy of the text along with the email addresses that they were sent from.

Subject: new login system

From: update+fronaltlwvdsv@facebookmail.com

From: update+gbidzxt@facebookmail.com

Dear Facebook user, In an effort to make your online experience safer and more enjoyable, Facebook will be implementing a new login system that will affect all Facebook users. These changes will offer new features and increased account security.

Before you are able to use the new login system, you will be required to update your account. Click here to update your account online now. If you have any questions, reference our New User Guide.

Thanks, The Facebook Team

——————

If you recieve a similar email, do not click on the links in it. This is how the scammer gets your Facebook account, and maybe other iformation about you.

Be safe!

Social Networking Friend Scam

This is from a Press Release from the FBI today

No, Your Social Networking “Friend” Isn’t Really in Trouble Overseas

According to the Internet Crime Complaint Center (IC3), there has been an increase in the number of hijacked social networking accounts reported to http://www.ic3.gov.

One of the more popular scams involves online criminals planting malicious software and code onto to victim computers. It starts by someone opening a spam e-mail, sometimes from another hijacked friend’s account.

When opened, the spam allows the cyber intruders to steal passwords for any account on the computer, including social networking sites. The thieves then change the user’s passwords and eventually send out distress messages claiming they are in some sort of legal or medical peril and requesting money from their social networking contacts.

So far, nearly 3,200 cases of account hijackings have been reported to the IC3 since 2006.

Cyber thieves are also using spam to promote phishing sites, claiming a violation of the terms of service agreement or creating some other issue which needs to be resolved. Other spam entices users to download an application or view a video. Some of these messages appear to be sent from friends, giving the perception of legitimacy. Once the user responds to a phishing site, downloads an application, or clicks on a video link, the electronic device they’re using becomes infected.

Some applications advertised on social networking sites appear legitimate but install malicious code or rogue anti-virus software. These empty applications can give cyber criminals access to your profile and personal information. These programs will automatically send messages to your contacts, instructing them to download the new application too.

Infected users are often unknowingly spreading malware by having links to infected websites posted on their webpage without the user’s knowledge. Since the e-mail or video link appear to be endorsed by a friend, social networking contacts are more likely to click on these links.

Although social networking sites are generally a safe place to interact with friends and acquaintances, keep in mind these suggestions to protect yourself while navigating the Internet:

Adjust website privacy settings. Some networking sites have provided useful options to assist in adjusting settings to help protect your identity.
Be selective when adding friends. Once added, contacts can access any information marked as viewable by all friends.
Limit access to your profile to only those contacts you trust with your personal information.
Disable options, such as photo sharing, that you might not regularly use. You can always enable these options later.
Be careful what you click on. Just because someone posts a link or video to their wall does not mean it is safe.
Familiarize yourself with the security and privacy settings and learn how to report a compromised account.
Each social networking site may have different procedures on how to handle a hijacked or infected account; therefore, you may want to reference their help or FAQ page for instructions.
If your account has been hijacked or infected, report it to by visiting www.ic3.gov or www.lookstoogoodtobetrue.com.

The Internet Crime Complaint Center is a partnership between the FBI and National White Collar Crime Center (NW3C).

Scams and Social Networking Sites

The following information was issued by the IC3 and can be found at http://www.ic3.gov/media/2009/091001.aspx

Techniques Used By Fraudsters On Social Networking Sites

Fraudsters continue to hijack accounts on social networking sites and spread malicious software by using various techniques. One technique involves the use of spam to promote phishing sites, claiming there has been a violation of the terms of agreement or some other type of issue which needs to be resolved. Other spam entices users to download an application or view a video. Some spam appears to be sent from users’ “friends”, giving the perception of being legitimate. Once the user responds to the phishing site, downloads the application, or clicks on the video link, their computer, telephone or other digital device becomes infected.

Another technique used by fraudsters involves applications advertised on social networking sites, which appear legitimate; however, some of these applications install malicious code or rogue anti-virus software. Other malicious software gives the fraudsters access to your profile and personal information. These programs will automatically send messages to your “friends” list, instructing them to download the new application too.

Infected users are often unknowingly spreading additional malware by having infected Web sites posted on their Webpage without their knowledge. Friends are then more apt to click on these sites since they appear to be endorsed by their contacts.

Tips on avoiding these tactics:

Adjust Web site privacy settings. Some networking sites have provided useful options to assist in adjusting these settings to help protect your identity.

Be selective of your friends. Once selected, your “friends” can access any information marked as “viewable by all friends.”

You can select those who have “limited” access to your profile. This is for those whom you do not wish to give full friend status to or with whom you feel uncomfortable sharing personal information.

Disable options and then open them one by one such as texting and photo sharing capabilities. Users should consider how they want to use the social networking site. If it is only to keep in touch with people then perhaps it would be better to turn off the extra options which will not be used.

Be careful what you click on. Just because someone posts a link or video to their “wall” does not mean it is safe.

Those interested in becoming a user of a social networking site and/or current users are recommended to familiarize themselves with the site’s policies and procedures before encountering such a problem.

Each social networking site may have different procedures on how to handle a hijacked or infected account; therefore, you may want to reference their help or FAQ page for instructions.

Individuals who experienced such incidents are encouraged to file a complaint at www.IC3.gov reporting the incident.

More on reporting scams

Often when victims ask “Where can I report these scams?” what they really want to know is how they recover the money that they lost.  The sad truth is that there is no place that you can report this scam to that will be able to recover your money.  To the scam victims, at the moment that they realized that they have been scammed it seems like it would be easy to find and arrest the scammer, and recover the money lost . . . you have their name, email address, phone number and maybe even a mailing address . . . but most if not all of those items are fakes that they use for their “profile”, and the other issue that comes up is jurisdiction, which we spoke about earlier.

So then what can be done?  Different scam fighting websites have different approaches to how they “fight back” against these scammers. 

At Scam Victims United we take the approach of providing information about scams in order to try and educate people before they become a victim.  We have created a Facebook Fan Page  in order to bring our message where people “hang out”.  We would like to see scam education brought into the school systems so that we can give the next generation the tools and resources that they need to recognize and avoid these scams.  We allow people to post scam emails that they receive so that then names, email addresses and company names being used in the scams will come up in search engines.  We also encourage people to report these scams, as we talked about earlier. 

“Scam Baiting” is another way of fighting back, and there are websites devoted to this.  Scam Baiting is pretending to be interested in the scammer’s offer in order to waste their time, and money, by having them send you counterfeit checks.  The site that I would recommend on this topic is 419eater.com because they will assist new “baiters” in learning the best way to go about this in order to protect yourself. 

Other sites focus on different ways of shutting down the scammers fake websites and closing the emailing accounts that they use by reporting them to the hosting sites or mail providers. One of these sites would be Report-Online-Scams.com

While these sites cannot help you recover your money, they can help you to do something to fight scams.  Education is the key to fighting scams, so talk about it with your friends and family and share sites like this with people you know.
Shawn Mosch
Co-Founder of ScamVictimsUnited.com
There is strength in numbers!

Find us on Twitter, Facebook and more!

New Fan Page!

We just started a fan page for Scam Victims United. 

http://www.facebook.com/pages/Scam-Victims-United/130347739735?ref=mf

Please join and tell your friends.

 

Shawn Mosch
Co-Founder of ScamVictimsUnited.com
There is strength in numbers!

 

Find us on Twitter, Facebook and more through
http://www.retaggr.com/page/ShawnMosch