Facebook schemes initiated by cybercriminals who want to make a profit by luring customers to affiliate marketing websites have been around for quite some time. However, according to Websense experts, the crooks are coming up with new techniques to ensure their operations’ success.In the latest Christmas-themed Facebook scams, victims are lured with posts advertising certain videos of attractive young girls. The posts are entitled something like “[OMG] This video was on the NEWS,” “Guess which celebrity this is,” or “Seriously she got attacked.”
When internauts click on the links, they’re taken to a fake Facebook page that promises a “fail blog daily video.”
On this page, the play button of the video window hides a malicious script which either triggers a “Like” – in order to propagate the scam –, or it further redirects victims to another fake video page that utilizes the Cost Per Action advertising method to unlock an alleged YouTube video.
However, after a certain period, victims who don’t press the play button are automatically presented with a message that reads “Merry Christmas!” after which they’re told that they won a prize from retailers such as ASDA, Best Buy or Walmart.
This is the point where users are directed to sites that support affiliate programs. These services are not illegal, but the crooks are relying on the Facebook posts to draw as many users as possible with their affiliate IDs.
By accessing the site with the cybercriminals’ affiliate ID, victims are actually helping the crooks make money.
One noteworthy aspect of this campaign is the fact that the scammers are relying on compromised freedns.afraid.org accounts to host the scam sites. freedns.afraid.org is a service that allows domain owners to benefit from free DNS services.
Fortunately, experts say that Facebook has this campaign under control and the number of scam posts has decreased. However, users are still advised to avoid such videos and voucher offers since similar operations might be launched at any time.