Monday, March 12, 2012

Survey Scams Using Fake CAPTCHA to Spread on Facebook

FacebookLet’s say you click a link on Facebook, which takes you to a page asking you to fill in the text from a CAPTCHA image in order to “confirm your identity” before viewing the content.

Would you think twice before entering the image text?

Probably not, but...maybe you should.

After all, researchers over at BitDefender recently spotted a new survey scam that’s using a fake CAPTCHA in order to spread the fraudulent love.

Here is the spam message that is luring folks in and being posted on the new victim’s Facebook wall once they fall for the scam:

PHOTO! Girl accidentally sends dad SMS about her FIRST TIME!
This is the funniest thing ever!

How the CAPTCHA Survey Scam Works

Upon clicking the link, the user will be taken to what appears to be a spoofed YouTube page where they will be presented with a dialog window asking that they enter the text displayed in the CAPTCHA image. If you look closely, though, you will see that the word ‘Comment’ is behind the large ‘Submit’ lettering, serving as a hint that things aren’t what they seem.

Facebook CAPTCHA Survey Scam

Credit: BitDefender (MalwareCity)

Once the ‘Submit’ button is pressed, the victim will be presented with a variety of surveys to complete in order to "prove they are human" in order to gain access to the photo.

Meanwhile, the spam message has been posted to their Facebook wall in hopes of tricking all of their Facebook pals into falling for the same scam.

Cybercriminals often launch survey scams like these since they get paid a commission for each completed survey - although they've been known to use the collected information to commit identity fraud or sign the user up for expensive SMS subscription services.

With that said, don’t be blinded by curiosity when exploring links shared by your Facebook pals. If you’ve fallen for this scam, be sure to remove the spam message from your wall and enlighten anyone you see posting it on theirs.

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

No comments:

Post a Comment