Wednesday 19 September 2012

THE FACEBOOK SCAM ON TWITTER USERS



The #FBscam
Note: there are other similar scams popping up that do not use FB app pages (probably because the app has been deactivated, as detailed below). They usually start with URLs like twitlter.com and tvivvter.com and similar lookalike names. I have added a section below for these, called Twitter-lookalike scams.

#FBscam Summary

BREAKING NEWS, 22 Sep 2012, Facebook have finally acted and deactivated this site. I'll leave the content for info since most new scams popping up are similar.

Tweeps, there is a Facebook app scam running, which has two evil purposes.
1. It steals your Twitter account information so the perpetrators can propagate their scam using your account.
2. It downloads spyware to your computer so they can access everything you access on your computer.


Background

It’s elegant in its simplicity. Its most powerful feature is that it’s a genuine Facebook App and hence looks harmless.
Note: Facebook are not the perpetrators, just the sponsors of the app, which is written by the perpetrators and links to the perpetrators’ URLs, of which there are many.
When one URL is removed another pops up and the Facebook app is revised to point to the new URL.
This is all going on under Facebook’s nose and they seem unwilling or unable to do anything about it.
I have reported it to Facebook countless times and have received their emails to which I have responded with the material below. Yet they continue to do nothing about it and the scam continues unabated.


How the scam works

Using a captured account, they send Direct Messages (DMs) to all the followers of that account. Not all at once, just a few at a time, metered so as not to cause too much alarm.
The DM is intended to get your attention. It will say things like:

“Lol, I see you are famous now” or
“Lol, didn’t you see them recording you” or
“Someone is saying disgusting things about you” etc.

In each case above they provide a link to the Facebook app which has been static for several weeks now as:

Here is how it looks:


Note this is a genuine Facebook app page so it does have a “Report/Contact this App” feature at the bottom right of the page. I've exercised this many times to no avail.

The suspicious Tweep will close down this app and ignore it. After all, the only URL that should ever ask you for this information is "https://twitter.com". If it's any other URL then it’s fraudulent.

The investigative Tweep may try entering any false account and password.
They’ll discover it doesn’t complain about the bad account/password. Hence they have confirmed the scam.
The false details will be sent on and things will progress per “The unsuspecting Tweep” below except that nobody’s account is hacked.
Incidentally, a smart trick here is to enter the name of the account from which you got the DM and enter a junk password. If their logs are automated, which they probably are, this will overwrite the previously correct password, so that account may now be safe.

The cheeky Tweep will give them hell by sending them messages via the account and password fields. This is good for the ego but it’s not going to make much difference to the perpetrators.

The unsuspecting Tweep blissfully enters their account and password details at which point this information is sent to the perpetrators, thus their account is now hacked and available for use in further propagating the scam.
You are then passed to a page on their URL which has varied over the past weeks from

or
or
or
and others

***BEWARE THESE SITES TRY TO BREAK THROUGH YOUR FIREWALL***

The page is always the same and looks like this:


Now we are down to the main purpose of the scam which is to get you to install their spyware onto your computer.

The unsuspecting Tweep will hit the “Install” button, at which time the spyware installer is downloaded, disguised to look like a Flash Player update. Then they will proceed with the install and the spyware is now loaded onto their computer.


The BullGuard report

So that I could report the file to BullGuard I did hit the “Install”, took note of the file name being downloaded and aborted the download. The file was “FlashPlayerV10.1.57.1---.exe”
On checking with Adobe I found my Flash Player was currently version 11, so their scam is looking a little out of date. I wonder if they will fix that!

BullGuard confirmed the file contained “malicious code”, meaning "Virus" or "Spyware". Nobody is going to go to this much trouble to play around with a virus, so you can bet on it being spyware, which is probably making them a living; else they wouldn’t be doing it.

So here is the BullGuard Email/Report in full:

QUOTE

Subj: [116-17E58413-024A] BullGuard Support Inquiry
Date: 16/9/2012

Dear Robert,


Thank you for contacting BullGuard Support.

I am contacting you with regards to the Facebook application renamed as "FlashPlayerV10.1.57.1---.exe" that you submitted to our attention. The result of our virus lab is indeed positive: the app does contain malicious code and it will be detected by our Antivirus engine with the next update.

I would like to thank you for drawing our attention to this security issue.

Do not hesitate to contact us if you require any additional assistance or information. 

Please remember our Support Service is available 24/7 at support@bullguard.com and https://www.bullguard.com/support/live-support.aspx, or through the BullGuard application > Support section.

Thank you for your cooperation. 

Best regards, 

Cristiana Cucu
BullGuard Support Team
support@bullguard.com 
http://www.bullguard.com

UNQUOTE


Finale

Enjoy playing with this scam Tweeps. Give them hell !!
Spread the word so we starve these crooks out of it and if we all keep reporting the App to Facebook via the “Report/Contact this App” (Bottom right of the App screen) it may just wake them up from their apparent slumber.


Twitter-lookalike scams

Scammers spotted thus far are using the URLs tvivvter.com (now disappeared) and twitlter.com.
The latter has been reported to Google via http://www.google.com/safebrowsing/report_phish/ and is now trapped by Google Chrome. Other browsers may not do so. It links you to a page similar to the #FBscam one. Here's their scam page:



This scam appears to be in a development phase as it links to Twitter to try and authenticate the account/password detail. This is what you get currently:



All they will achieve with this scam so far is to steal your account and password details.
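
An added example (not part of the original post): a small Python check that applies the rule given earlier, that only https://twitter.com should ever ask for your Twitter login, to a link received in a DM, and flags lookalike names such as twitlter.com and tvivvter.com. The vv-to-w folding and the distance threshold of 2 are assumptions chosen to catch those two names, and login.example is a made-up host.

```python
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "twitter.com"  # the only login host the post treats as genuine
BRAND = "twitter"
MAX_DISTANCE = 2  # assumption: tuned to catch the two lookalikes named in the post


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def fold(label):
    """Assumption: treat 'vv' as the 'w' it imitates before measuring distance."""
    return label.replace("vv", "w")


def classify(url):
    """Return 'official', 'lookalike' or 'unrelated' for the host a URL really points at."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and the port, and is already lower-cased.
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme == "https" and (
        host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)
    ):
        return "official"
    # Anything else must not receive Twitter credentials; a near-match label
    # additionally marks it as a deliberate imitation worth reporting.
    for label in host.split("."):
        if edit_distance(fold(label), BRAND) <= MAX_DISTANCE:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links; login.example is a made-up host.
    for link in ("https://twitter.com/login", "http://twitlter.com/",
                 "http://tvivvter.com/", "https://twitter.com@login.example/"):
        print(f"{classify(link):10} {link}")
```

A plain-http link to twitter.com comes back as "lookalike" rather than "official" because it fails the https requirement. The threshold is a heuristic, so an "unrelated" verdict still means the host is not the official one and should not be given a Twitter password.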

Unbelievable as it may seem but dare I say it "I think we are winning the Twitter scammers war". No maybe I won't say it. Should know better! It will go on forever so watch out for them!