Cyber-criminals are no longer just using Facebook for identity theft or phishing scams. Now, they are using the social-networking platform to defraud affiliate businesses, according to security researchers.
Facebook swindlers directed their victims toward affiliate marketing sites in approximately three-quarters of scams in 2011. The in-depth analysis of Facebook scams that proliferated on the site in 2011 was published in Commtouch’s Internet Threats Trend Report.
Unsuspecting users are tricked into clicking on links posted on Facebook to go to affiliate sites where they fill out various surveys. The surveys generated affiliate payments for the scammers and wind up costing the legitimate businesses that pay those fees, Commtouch said.
Affiliate marketing was a “rich source” of income for scammers, according to Amir Lev, CTO of Commtouch.
Affiliate sites are a popular form of online marketing to generate user traffic. Businesses pay sites a fee for referring visitors to the site. Popular examples are reward sites where users earn cash or gifts for completing an offer and sending more people to the retailer’s site. When scammers set up affiliate marketing sites, they get a cut of the payments from the original retailer for diverting users to specific sites.
“Legitimate businesses are often defrauded of their affiliate marketing budget by having them included in these pages,” the report found.
Scammers can also harvest any personal data that was entered in the surveys and used for identity theft, according to the report.
Criminals generally use one of the four main ways to set up their social-engineering tricks, Commtouch researchers found. The most common (36 percent) relied on links, often spammed by friends, promising to show videos of shocking or tragic stories, the report found.
These links proliferate because they tickle people’s curiosity. However, free merchandise offers, such as free airline tickets, a free iPad or even unreleased Facebook phones, were the most common tactic used in the second half of 2011, accounting for 26 percent of the scams analysed in the report.
Users are typically aware that they are sharing these links, but they may think they are being helpful by posting the virus warnings or sharing great deals, the report found.
Sensational headlines after major news events are another effective way to ensnare victims, such as links promising exclusive video footage of Osama bin Laden’s death. Fake applications are also frequently used, such as the “dislike” button or applications that promise to reveal who has been viewing their profiles, the report found.
For criminals, it was not enough to just trick users, as criminals need to make sure the attacks spread and continue to trap other people, Commtouch said. They were most likely to trick users into sharing the links almost half the time, but also tricked users into copy-pasting malicious code to trigger a cross-site scripting attack or downloading malware.
Rogue applications and “like-jacking” – which employs a malicious script on the page to convert any mouse clicks on the page as a “like” that is also visible to other users – were employed in about a third of the scams.
“In 48 percent of the cases, unwitting users themselves are responsible for distributing the undesirable content by clicking on ‘like’ or ‘share’ buttons,” according to Commtouch.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…
View Comments
Aren't criminals a clever bunch these days? Most criminals can barely spell their own names never mind devise scams like these. That is usually the reason they have to resort to crime in the first place.
Good "story"
Excellent use of the scare-mongering tactic.
Could easily give Poe or Lovecraft a run for their money.