Embedded Facebook comments, meant to make stories more social, have become the latest breeding ground for internet cons.
Symantec
In recent years, publishers, including BuzzFeed, have embraced embedded Facebook comments as a way to boost their readership, promote sharing, and outsource the painstaking work of community moderation. According to a new report from the security giant Symantec, these comments have become a breeding ground for scammers, who spread spyware and malware by baiting users with spam that promises free first-run movies.
"Enabling Facebook comments is supposed to make things more social," the author of the study, Satnam Narang, a senior security response manager at Symantec, told BuzzFeed News. "But anytime you introduce something new it's going to be ripe for the picking for scammers."
The Facebook comment plugin isn't new; the company introduced it in 2009. But this scam may well be. Here's how it works: Scammers, using either fake user accounts or Pages, leave comments below popular articles (Narang originally found the scam while he was reading the comments in an article on BuzzFeed about The Walking Dead). The comments contain a bit.ly link that redirects users through Adcash, an Estonian advertising network that, according to Symantec, "has been known to host advertisements that are malicious." (Adcash did not respond to a request for comment.)
From here, users are taken to a fake video player. Clicking on the fake video redirects users to a technical support scam site. These sites, which have been around for years, induce pop-ups that falsely inform users that they have been infected with malware and typically include a number to call to "remove" the supposed malware. (The number usually calls a tech support worker who offers to clean a user's computer, for a cost, completing the scam.)
Symantec
The "free movie" scam isn't ubiquitous, but it's also not limited to BuzzFeed's Facebook comments: Narang found examples of the same scam on ESPN and the Huffington Post. It affects users on PC, Mac, and iPhone. And it can be extremely effective. One fake video player, which claims to show last month's Paul Rudd vehicle Ant-Man, has been clicked on more than 5,000 times.
from BuzzFeed - Tech http://ift.tt/1P9fFVx
via IFTTT
Hiç yorum yok:
Yorum Gönder