Crooks rely on smishing and tweets to divert to potentially malicious sites

Sep 2, 2014 15:03 GMT

The recent incident in which pics of scantily clad or unclad female celebrities were leaked online stirred the interest not only of their fans but also of scammers, who tried to capitalize on the brute-force vulnerability used by the hackers for the deed.

The content popped up on 4Chan and AnonIB starting Sunday evening, exposing more skin than celebs would have wanted; it is believed that the method used by the perps was to brute-force the login into Apple’s iCloud service, which did not have protection against this type of attack.

Having this information, scammers began to profit from the weakness and prepared phishing emails targeting AppleID credentials.

The cybercriminals are not delivering just emails: Satnam Narang from Symantec notes that, in this case, smishing is also used to the same end. Smishing is a phishing attack carried out via short text messages sent to the victim’s phone.

The messages claim to be from an Apple division (support or security group) and inform the potential victim that unauthorized access to their iCloud account has been detected.

Signing into the account via a provided link is presented as the way to solve the problem and prove they’re the true owners. Of course, the URL points to a spoofed website whose login form fields automatically deliver every character typed in to the crooks.

“Since this story broke, users have taken to various social networks and search engines to look for news about the stolen photographs. Knowing that people are searching for this content, it hasn’t taken long for scammers to try to take advantage of it,” Narang writes.

Malicious tweets have also been observed, one of them aimed at Victoria Justice, one of the victims of the celeb photo hack, in reply to her denying the authenticity of the leaked images of her.

“These so called nudes of me are FAKE people. Let me nip this in the bud right now. *pun intended*,” she wrote.

At this, someone replied that TMZ had leaked more than 20 pics, providing a link that directed to a spoofed TMZ site, which, at one point, asked visitors to install a Flash video player.

The piece of software was part of an affiliate marketing scheme that earns the scammer money for each installation of the product.

We also spotted some scam attempts, on 4Chan, with individuals offering links that pointed to the same affiliate marketing scheme reported by Symantec. In one case, rickrolling was involved.