[Alert] Free "Smiley" hats & Free Vans shoes a Scam

So far over 300,000 people have been duped into "liking" a Facebook page that claims to offer free "Smiley" hats and Vans brand shoes to the first 750,000 people who like it.

Here's what the junk Smiley Hat scam looks like in your Facebook account:

[Image: Smiley Hat scam page]

...and here's what the fake Vans shoes scam looks like:

[Image: Vans shoes scam page]
Sophos, a company specializing in business-oriented antivirus software, appears to be one of the first to break the news of this latest scam on their blog, in the aptly named post "Smiley Hats Vans Facebook Scams".

Graham Cluley, who wrote the piece for Sophos, sums it up, saying:

"...do you really believe that you are going to be sent a smiley hat?

"And who is this un-named company that is planning to ask 750,000 people for their name and postal address?

"Is it possible they are planning to do anything else with that information if you hand it over to them?

"And what - seriously - are the chances that they are going to spend the money shipping that many hats to people who don't even know what brand it is that they are promoting?"
Here's my $.02.

If it's legit, how are they planning to collect mailing addresses for that many people?

Think about it. Seven hundred fifty THOUSAND people.

Let's assume the mailing cost alone is $2 per hat (we'll be optimistic).

You're talking about 1.5 *million* dollars just in mailing costs. Oh, and what brand is being promoted? Who's footing the bill for mailing the hats?

And we haven't even talked about the technology required to track that many addresses, link them to Facebook accounts, and ensure everyone has been mailed one hat (but not several!), since it's going to take days--or even weeks--for everyone to send in their addresses.

Oh, yeah... and what about the cost of the hats themselves?

Even if they're $1 apiece to make, you're still talking about another $750,000 in costs. All with no mention of a brand behind it.

Methinks there's a rat in here somewhere.

As for Vans, Cluley says they have already disavowed the promotion for free shoes with this post to their official Vans Europe Facebook page:

[Image: Vans Europe post disavowing the promotion]

What should I do?

If you've already liked either of these scams, do yourself--and your friends--a favor and at least "unlike" them. No reason to help the scammers get any further in their ploy to get your personal information.

Next, pay attention to your inbox. There's little question these scammers are looking to get at your email address to send you spam, phishing, and even spear-phishing emails.

Pay attention to what you click in your inbox. Think about what you're clicking on and who might have really sent that email to you.

And, let's remember: Facebook really is an incredible site with a whole world inside. The problem is, there is a whole world inside, good people and scammers alike.

Just because you're "surrounded" by friends in facebook, doesn't mean you get to check your street smarts at the [login] box.

The bottom line here: if it sounds too good to be true, it probably is.

Thanks and credit to Sophos and Graham Cluley for the find and the screenshots.


Facebook "Baby Born Amazing Effect" is a Scam

Given the size of the Facebook network, it should be no surprise to any of us that the scammers are trying to target their next victims here, too.

The fine folks at antivirus software company Sophos have been keeping tabs on the latest Facebook scam, "Baby Born Amazing effect". This particular scam is being tracked by Sophos security researcher Graham Cluley who says,

"Messages are spreading rapidly across Facebook, as users get tricked into clicking on links claiming to show an amazing video of a big baby being born.

"The messages are spreading with the assistance of a clickjacking scam (sometimes known as likejacking) which means that users do not realize that they are invisibly pressing a "Like" button to pass the message onto their online friends."
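Likejacking works because the page carrying the hidden "Like" button can be loaded inside a frame by another site and laid over something the visitor actually wants to click. As an added example that is not part of this post or of anything Facebook or Sophos published, the following Python evaluates whether a site's own response headers (X-Frame-Options and the Content-Security-Policy frame-ancestors directive) would let an unrelated origin frame a page. The sample headers, URLs, and origins are constructed for the demonstration.

```python
from urllib.parse import urlsplit

# Constructed sample response headers for four hypothetical pages; none of
# these are captured from Facebook or any real site.
SAMPLE_RESPONSES = {
    "hardened_csp": {
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self' https://partner.example"
    },
    "hardened_xfo": {"X-Frame-Options": "DENY"},
    "same_origin_only": {"x-frame-options": "SAMEORIGIN"},
    "unprotected": {"Content-Type": "text/html"},
}


def _header(headers, name):
    """Case-insensitive header lookup (HTTP header names are case-insensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def _origin(url):
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def _source_matches(source, framer_origin):
    """Match one frame-ancestors source (e.g. https://a.example or https://*.a.example)."""
    if source == "*":
        return True
    scheme, sep, host = source.partition("://")
    if not sep:
        # Keyword or scheme-less entry this toy model does not handle: no match.
        return False
    framer_scheme, _, framer_host = framer_origin.partition("://")
    if scheme != framer_scheme:
        return False
    if host.startswith("*."):
        return framer_host.endswith(host[1:])
    return host == framer_host


def framing_allowed(headers, page_url, framer_url):
    """Would a browser let framer_url embed the page served with these headers?"""
    page_origin, framer_origin = _origin(page_url), _origin(framer_url)
    csp = _header(headers, "Content-Security-Policy")
    if csp:
        for directive in csp.split(";"):
            tokens = directive.split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                # When frame-ancestors is present, browsers ignore X-Frame-Options.
                sources = [t.lower() for t in tokens[1:]]
                if not sources or "'none'" in sources:
                    return False
                return any(
                    (s == "'self'" and framer_origin == page_origin)
                    or (s != "'self'" and _source_matches(s, framer_origin))
                    for s in sources
                )
    xfo = _header(headers, "X-Frame-Options")
    if xfo:
        value = xfo.strip().upper()
        if value == "DENY":
            return False
        if value == "SAMEORIGIN":
            return framer_origin == page_origin
    # No recognised anti-framing policy: any site can overlay this page with
    # an invisible frame, which is exactly what likejacking relies on.
    return True


def frameable_by_third_party(responses, page_url, third_party_url="https://unrelated.example"):
    """Names of the sample pages an unrelated origin could embed in a frame."""
    return sorted(
        name for name, headers in responses.items()
        if framing_allowed(headers, page_url, third_party_url)
    )


if __name__ == "__main__":
    for name in frameable_by_third_party(SAMPLE_RESPONSES, "https://www.example.com/page"):
        print(f"{name}: can be framed by an unrelated site")
```

Run against the constructed samples, only the page with no anti-framing header comes back as frameable by a third party; a site that hosts buttons of its own can run the same check over its real response headers.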

Now the real questions:

  1. What danger does this pose?
  2. How do I get rid of it?

What danger does this pose?

The actual danger to a Facebook user is pretty negligible.

The scam is that by tricking people into "Liking" their video, they're able to artificially inflate their Facebook "Like" count. Real "Like" counts tend to grow pretty slowly, so for someone looking to make a mint on Facebook, garnering a lot of "Likes" quickly can bring in real money.

How do I get rid of it?

Here's how:

[See: Image 1]

  1. Find the offending message on your Facebook page.
  2. Select "Remove post and unlike".

[See: Image 2]

  3. Go into your profile (top right corner).
  4. Select "Activities and Interests".
  5. Remove the "Born Baby Amazing Effect" (and anything else you don't like).

[Image 1]

[Image 2]

[N.B. We have to give full credit to Graham Cluley and Sophos for snagging these screenshots from within Facebook so we can help people get rid of this crap.]

Just to reiterate, this particular scam doesn't carry any typical virus payload and doesn't pose any threat to your PC. The only threat is in tricking other friends of yours to do the same thing and ultimately in helping a scammer inflate his or her bank account.

The one caveat here is that if you've made your Facebook personal profile information public, you have shared this information with the scammer, so who knows what they're up to.

Put another way: you might want to reconsider what information you're sharing publicly within Facebook.


Facebook Koobface virus

120,000,000 people use Facebook, and we're all being targeted by "Koobface", malware that leverages Facebook.com's instant messaging system to infect PCs.

The target according to Yahoo?

Your credit card numbers.

Not surprisingly, the Koobface/Facebook story showed up on Yahoo! News today [editor's note: the article has been removed since this blog was written, so the link to it has also been removed], and according to Facebook's spokesman, Barry Schnitt, few people were affected (so far).

A few things about this story (and the McAfee Antivirus blog) caught our attention:

  1. The fine folks at McAfee already have a security blog post of their own up on Koobface. Hopefully, that will help spread the word.
  2. The virus, like many, is really a social engineering attack and not a worm that spreads willy-nilly on its own.
  3. Don't open links you aren't expecting--no matter how juicy they may be. It's really not worth it.
  4. According to McAfee's blog, the purpose of the virus is to push you through a proxy server to enlist you in click fraud. (More on this later.)

The original Yahoo! story goes on with this quote, with wise words we couldn't agree with more:

"'Facebook requires senders of messages within the network to be members and hides user data from people who do not have accounts,' said Chris Boyd, a researcher with FaceTime Security Labs. 'Because of that, users tend to be far less suspicious of messages they receive in the network.

"'People tend to let their guard down. They think you've got to log in with an account, so there is no way that worms and other viruses could infect them,' Boyd said."

Well said, Mr. Boyd. Well said, indeed. But, meanwhile back to the click fraud.

We all know how vigilantly the various search engines are working to prevent it (or at least they claim to be), but what's odd is that the Yahoo! story explicitly mentions the McAfee blog yet fails to mention anything about click fraud and instead talks about the theft of credit card numbers.

Once again, we smell a rat. (Actually, there are probably a couple here, but we're splitting hairs.)

This component listens on TCP port 9090 and proxies all HTTP traffic, in particular looking for traffic to Google, Yahoo, MSN, and Live.com for the purpose of hijacking search results. Search terms are directed to find-www.net. This enables ad hijacking and click fraud.
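As an added defender-side example (not code from this post, McAfee, or Yahoo!), the script below turns the two indicators just described into a check over constructed sample data: a listener on TCP 9090, and search-engine requests that were delivered to that local port or that went to find-www.net. The netstat-style lines and the HTTP log lines are made up for the demonstration, and the log format is hypothetical; on a real machine you would feed in actual `netstat -an` output and whatever request log your proxy or endpoint agent writes.

```python
import re

# Indicators from the McAfee description quoted above: a local HTTP proxy
# listening on TCP 9090 that redirects search traffic to find-www.net.
PROXY_PORT = 9090
SEARCH_ENGINES = ("google.com", "yahoo.com", "msn.com", "live.com")
HIJACK_HOST = "find-www.net"

# Constructed sample in the shape of `netstat -an` output (not a real capture).
NETSTAT_SAMPLE = """\
Proto  Local Address          Foreign Address        State
TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
TCP    127.0.0.1:9090         0.0.0.0:0              LISTENING
TCP    192.168.1.5:49230      192.0.2.10:80          ESTABLISHED
"""

# Constructed sample lines in a hypothetical host-side HTTP log format:
# timestamp, method, requested host and path, and the socket the request
# was actually sent to.
HTTP_LOG_SAMPLE = """\
2008-12-04T10:01:02 GET host=www.google.com path=/search?q=cheap+flights dst=127.0.0.1:9090
2008-12-04T10:01:03 GET host=find-www.net path=/?q=cheap+flights dst=203.0.113.10:80
2008-12-04T10:02:11 GET host=example.org path=/ dst=192.0.2.10:80
2008-12-04T10:03:40 GET host=search.yahoo.com path=/search?p=vans+shoes dst=198.51.100.7:80
"""

_LISTEN_RE = re.compile(r"^TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$", re.M)
_LOG_RE = re.compile(r"^(\S+) (\S+) host=(\S+) path=(\S+) dst=(\S+):(\d+)\s*$", re.M)


def listening_ports(netstat_text):
    """Set of TCP ports in LISTENING state in the netstat text."""
    return {int(port) for _addr, port in _LISTEN_RE.findall(netstat_text)}


def has_local_proxy_listener(netstat_text, port=PROXY_PORT):
    """First indicator: something is accepting connections on the proxy port."""
    return port in listening_ports(netstat_text)


def is_search_engine(host):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in SEARCH_ENGINES)


def hijack_findings(log_text, proxy_port=PROXY_PORT):
    """Second indicator: search-engine requests delivered to the local proxy
    port, plus any request to the hijack host. Returns (timestamp, reason,
    host) tuples in log order."""
    findings = []
    for ts, _method, host, _path, dst_ip, dst_port in _LOG_RE.findall(log_text):
        if is_search_engine(host) and dst_ip.startswith("127.") and int(dst_port) == proxy_port:
            findings.append((ts, "search traffic routed through local proxy", host))
        low = host.lower()
        if low == HIJACK_HOST or low.endswith("." + HIJACK_HOST):
            findings.append((ts, "request to search-hijack host", host))
    return findings


def assess_host(netstat_text, log_text):
    """Combine both indicators into a verdict a responder can act on."""
    proxy = has_local_proxy_listener(netstat_text)
    findings = hijack_findings(log_text)
    return {
        "local_proxy_on_9090": proxy,
        "findings": findings,
        "suspect_koobface_proxy": proxy and bool(findings),
    }


if __name__ == "__main__":
    verdict = assess_host(NETSTAT_SAMPLE, HTTP_LOG_SAMPLE)
    print("local proxy on 9090:", verdict["local_proxy_on_9090"])
    for ts, reason, host in verdict["findings"]:
        print(f"{ts}  {reason}: {host}")
    print("suspect Koobface-style proxy:", verdict["suspect_koobface_proxy"])
```

The verdict deliberately requires both indicators: a local listener on 9090 by itself is common for legitimate development tools, and a single request to an odd host is not proof of anything, but search traffic being handed to a local proxy that then calls out to the hijack host is the pattern the McAfee description spells out.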

Hmmm. How is it that the precise mechanism is so clearly articulated in the McAfee blog, but a different explanation is offered in the Yahoo! story? We all make mistakes; perhaps it was an oversight. Funny, though, isn't it, that Yahoo!'s very own search engine is one of those caught up in and targeted for click fraud by the fraudsters.

'Til next time, fair readers, keep your firewalls up and your antivirus software scanning.