The Cocoon Blog
The Internet as it should be: private, secure and virus free

When a Facebook Concert ticket giveaway event appears on a friend’s wall, it might be a scam that leads to plenty of wall spam or malware could be downloaded to your computer without your knowledge or consent. This morning’s scam event claimed that the band One Direction (1D), a very popular U.K. band who debuted at #1 on the U.S. billboard 200 was giving away free tickets to loyal fans.

Scam Events

Many of the fake pages were titled Free 1D Tickets Giveaway! (Limited Offer). In order to get a free ticket code you have to jump through quite a few hoops. You have to join the event and then you have to invite your friends to the event. They even tell you how to select your friends faster!

Next, you supposedly need to be ‘verified’ by the scammers and then wait 12-24 hours to receive the ticket code. The waiting period allows them to set up other fake pages or to start new scam campaigns with another band or popular trending event. Don’t hang out out with your messenger waiting for a response from these scammers, because you won’t be receiving the ticket code in this lifetime.

They also have a rogue VIP scam that includes a bit.ly link, that when clicked, silently sneaks  you over to a Prizepalacepalace website (without your knowledge) and is either using it for rogue affiliate marketing purposes or you could end up with malware downloaded to your computer.

Clicking on the above link sends you through a series of redirects (all unencrypted) and there is no telling what the code on their end could be baking in the code-oven. The final redirect sends you back to Facebook to join their scam event. On the short URL that I listed above there is a tracker and two other websites (that were recently purchased) that lie well below security community radar, (for potential deployment of malware or unsavory code bits in the future).

Social Engineering Tactics

In Commtouch’s quarterly Internet Threats Trend Report, 74% of Facebook attacks were targeted at leading users to fraudulent marketing affiliate and survey scams (out of the Facebook scams that proliferated in 2011). The benefits for cybercriminals can become lucrative. They often receive affiliate payments for driving users to specific sites and they can also collect personal data for the purpose of identity theft. They can spread malware through rogue apps (or rogue code) that steals passwords or sends spam and they can also generate an enormous number of ‘likes’ with no clear malicious purpose.

One of the most important components of furthering their scam is through the use of your ‘friends’ network. Utilizing the trust factor – they lull you in to believing that you just might be able to receive FREE tickets to see One Direction if you share this with all your friends too (via the power of socially engineered persuasion).

Tristan was invited by her friend…

Before joining any event on Facebook check with an authentic source first!

We all know that if the band was really giving away free tickets to their loyal fans that it would be listed somewhere on their fan page. One Direction (1D) has plenty of interesting tabs, but you won’t find a FREE ticket giveaway tab on their page.

Where do I go from here?

Check with the Facebook Help Center and learn how to report scams and spam. Be sure that you report the rogue page and get your friends to report it too. Get these scammers shut down and become part of the solution to help make Facebook  a safer place for all.

—————————————————————-No FREE tickets here…

Chester Wisniewski of Sophos Security reported yesterday that scammers are at it again. If you use the Mozilla Firefox browser, scammers detect your user-agent string and may present you with a fake Firefox security alert. The pop-up will state that it is scanning your system and that your system is affected by numerous virus attacks. It will then recommend that you click on the start protection button to erase all threats.  If you click on that button you will download the fake antivirus.

Chester sums it up well:

Taking advantage of detailed information about the person’s computer and software allows for a much more specific, believable social engineering attempt.

We are likely to continue to see these criminals targeting each operating system, browser and any other details that can be gleaned from HTTP requests sent from our devices. [Source]

When you visit any webpage, your browser sends the user-agent string to the web server that you are visiting. This string tells the hosting site what browser and version number you are using and also discloses information about your operating system and version. The user-agent string is supposed to be used by the web server to provide content that is specifically tailored to your browser. It is not supposed to be used to send you socially engineered pop-ups. You can view your browser user-agent string here.

The Cocoon plug-in for Firefox does not automatically download a file once you click on a button! Cocoon does provide a stop and think procedure in order to allow you to make the choice whether to download the file or not.

You can find out more about Cocoon at GetCocoon.com

Stop by and say hello on Twitter and Facebook too – The Cocoon Team!