Scammers tap the power of Facebook to offer 'free' iPhones a-plenty

Free iPhone? More like an iPhoney...

With Apple reportedly raking in more than four million pre-orders for the new iPhone 6, it was perhaps inevitable that scammers were standing by to cash in on the iPhone ordering frenzy.

According to Deborah Salmi of Avast, unlike previous scams with new iPhone launches, this time around the fraudsters are tapping into the power of social media, with paid-for advertising pages popping up on Facebook, claiming that people who like, share, and comment on a post can win an iPhone 6.

This type of scam, she says in her analysis, is referred to as 'like harvesting.'

"The scammer makes the page popular by collecting likes and then sells the page to other scammers. The offer of a new device, like the iPhone 6, entices people to click the like button then spam their friends with the bogus promotion. Thousands of likes can accumulate within a few hours, making the page quite valuable on the black market," she said, adding that the new 'owner' then rebrands the page to peddle more questionable products and services with their built-in audience.

A variation on this scam, she went on to say, is the Survey Scam.

"As with like harvesting, you must first like the Facebook page. The difference is that you need to also share a link with your Facebook friends," she said, adding that the link takes users to a page where they are instructed to download a 'participation application.'

At this stage, Avast says its research suggests that the pop-up window leads users to participate in a survey before they can download the application.

Some surveys, says the security vendor, will ask for personal information such as your mobile phone number and/or name plus address, opening up the user to receive expensive premium rate text messages, annoying phone calls and - inevitably - junk mail.

Malicious code


As you might expect, the download can contain malicious code. The only thing you can be guaranteed not to get, however, is an iPhone 6.

According to Michael Sutton, VP of security research with Zscaler, this particular 'like harvesting' scam for the iPhone 6 is quite basic as it is a straightforward social engineering scam.

"In this case users must manually 'like' and 'share' the page but there is no effort to redirect the user to third party content," he said, adding that 'like harvesting' is inevitable for any breaking news story as scammers will try to cash in on the wave of publicity - and then try to build a popular page, before selling it off to others.

"Other groups will then use the page to promote some sort of pay-per-click scam whereby they make money by redirecting users to ads or surveys," he noted.

Over at Alert Logic, Richard Cassidy, the firm's senior solutions architect, said that this type of fraud will always be an underground industry favourite.

"Coupled with the proliferation of social media networks - and the ever growing younger population of Web users - it is becoming easier to extort personal information than ever before," he explained.