When a Facebook Concert ticket giveaway event appears on a friend’s wall, it might be a scam that leads to plenty of wall spam or malware could be downloaded to your computer without your knowledge or consent. This morning’s scam event claimed that the band One Direction (1D), a very popular U.K. band who debuted at #1 on the U.S. billboard 200 was giving away free tickets to loyal fans.
Many of the fake pages were titled Free 1D Tickets Giveaway! (Limited Offer). In order to get a free ticket code you have to jump through quite a few hoops. You have to join the event and then you have to invite your friends to the event. They even tell you how to select your friends faster!
Next, you supposedly need to be ‘verified’ by the scammers and then wait 12-24 hours to receive the ticket code. The waiting period allows them to set up other fake pages or to start new scam campaigns with another band or popular trending event. Don’t hang out out with your messenger waiting for a response from these scammers, because you won’t be receiving the ticket code in this lifetime.
They also have a rogue VIP scam that includes a bit.ly link, that when clicked, silently sneaks you over to a Prizepalacepalace website (without your knowledge) and is either using it for rogue affiliate marketing purposes or you could end up with malware downloaded to your computer.
Clicking on the above link sends you through a series of redirects (all unencrypted) and there is no telling what the code on their end could be baking in the code-oven. The final redirect sends you back to Facebook to join their scam event. On the short URL that I listed above there is a tracker and two other websites (that were recently purchased) that lie well below security community radar, (for potential deployment of malware or unsavory code bits in the future).
Social Engineering Tactics
In Commtouch’s quarterly Internet Threats Trend Report, 74% of Facebook attacks were targeted at leading users to fraudulent marketing affiliate and survey scams (out of the Facebook scams that proliferated in 2011). The benefits for cybercriminals can become lucrative. They often receive affiliate payments for driving users to specific sites and they can also collect personal data for the purpose of identity theft. They can spread malware through rogue apps (or rogue code) that steals passwords or sends spam and they can also generate an enormous number of ‘likes’ with no clear malicious purpose.
One of the most important components of furthering their scam is through the use of your ‘friends’ network. Utilizing the trust factor – they lull you in to believing that you just might be able to receive FREE tickets to see One Direction if you share this with all your friends too (via the power of socially engineered persuasion).
Before joining any event on Facebook check with an authentic source first!
We all know that if the band was really giving away free tickets to their loyal fans that it would be listed somewhere on their fan page. One Direction (1D) has plenty of interesting tabs, but you won’t find a FREE ticket giveaway tab on their page.
Where do I go from here?
Check with the Facebook Help Center and learn how to report scams and spam. Be sure that you report the rogue page and get your friends to report it too. Get these scammers shut down and become part of the solution to help make Facebook a safer place for all.
—————————————————————-No FREE tickets here…