Thursday, January 12, 2012

There's No Love for the McDonald's Facebook Scam

McDonald's: I'm NOT lovin' it.That offer to eat at McDonald’s for FREE? I’m not lovin’ it.

Cybercriminals have launched a new spam campaign that’s leading unsuspecting Facebook users straight into a survey scam or worse – a malware booby trap!

As always, things start out innocent enough: you login to Facebook only to see a friend has shared the rare offer to eat at the Big Mac serving restaurant for free:
Eat at McDonalds for FREE! (limited time only)

McDonald's is currently giving away free meal vouchers to all Facebook users!


Eat at McDonald's Spam Message

(Keep in mind that multiple URLs are being used in this scam.)

Thinking that there’s no way you’re going to pass up on the possibility of scoring some chicken McNuggets with your favorite sauce, you click on the link and find yourself staring at a page decorated with the huge golden “M” and promises to grant you one free McDonald’s meal if you follow a few steps.  The first one being to post the offer on your profile, just like the Facebook friend that shared the offer with you did:

McDonald's Free Meal Facebook Scam

Leave a comment on the "Eat a McDonald's Free" Facebook Scam PageOnce you’ve done that, you’ll be presented with the final step, which is to add a comment saying, “Thanks, I love it!!!” The scammers ask you to do this to help fool future victims into thinking that the offer is legitimate. After all, why would so many people comment on a scam page, right?

It’s at that point where the scam begins to resemble a box of chocolates: you just never know what you’re going to get.

You could be kicked to another site that asks you to complete a series of surveys in order to “verify your humanity” and open yourself up to more targeted spam and scam campaigns.

ESET NOD32 Stops Malware Served by McDonald's Facebook ScamOther setups will direct to a website ( that tries to infect your machine with the HTML/ScrInject.B.Gen virus!

At that point your fate relies solely on whatever antivirus program you have chosen to protect your machine. My computer  happens to be backed by ESET’s NOD32 Antivirus software, which was able to thwart this attack, so all is well.

Others may not be so lucky..

Have you already fallen for the McDonald’s scam?

  1. Delete all Facebook activity related to the McDonald’s scam: wall posts, comment history – everything! Do not leave any links that could potentially be followed by one of your Facebook pals.

  2. Check that your antivirus software is up-to-date and run a full system scan to make sure you weren’t infected with anything.

  3. Double-check that your operating system is current and fully patched. (You should always do this.) This will improve your defenses against drive-by-download attacks that exploit system vulnerabilities in order to plant malware on your PC.

  4. Warn your family and friends not to follow any offers that state you can win a free meal at McDonald’s. If they’ve already fallen for it, refer them to the 3 steps above.

  5. Avoid clicking on links related to “free offers” on Facebook. Cybercrooks often promote bogus offers  on the popular social networking site in order to trick users into falling for survey scams or visit malicious websites.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

No comments:

Post a Comment