Jul 4, 2011 12:22 GMT

Security researchers have identified a new Facebook scam which abuses LinkedIn's open URL redirector in order to bypass spam filters and lend credibility to the fake messages.

Users are lured with rogue wall posts that read: "The Video Tweet That Just Ended Justin Biebers Career For Good" and appear to link to pages hosted on linkedin.com.

In reality, the links lead to http://linkedin.com/redirect?=[scam_URL], a redirect script that further directs users to the scam page.

The landing page displays a censored video thumbnail of someone who resembles Justin Bieber and a girl who hides her face. The image is enticing enough for users to want to press the play button.

However, doing so will not allow them to see any recording. Instead, they will be asked to fill in a survey before they are allowed to access the content. Scammers earn commission money through affiliate marketing schemes for every user who fills in one of the surveys.

Using open redirectors hosted on high-profile domains is not a new technique. Until recently, spammers abused Facebook's own redirect script; however, the company signed a partnership with Web of Trust (WOT) to check all outgoing links.

The new URL filtering system seems to be working, with scammers finding it increasingly hard to keep their campaigns online for long. WOT is backed by a large community of users who can react quickly to flag malicious links.

Meanwhile, LinkedIn's redirector doesn't seem to enforce the same restrictions or checks and, thanks to the high-profile nature of the domain, can easily pass Facebook's URL filtering mechanism.
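The filtering gap described above can be shown with a short added example (not code from Facebook, WOT or LinkedIn): a filter that judges only the outer host, next to one that also evaluates every destination nested in the query string. The host lists, the `scam.example` domain and all function names are constructed for illustration; the sample link follows the `redirect?=[scam_URL]` shape given in the article.

```python
from urllib.parse import parse_qsl, urlsplit

# Constructed reputation data for this example; not a real feed.
TRUSTED_HOSTS = {"linkedin.com", "www.linkedin.com"}
BLOCKED_HOSTS = {"scam.example"}
MAX_DEPTH = 5  # bound recursion so chained redirectors cannot stall the filter

# Constructed sample in the shape the article gives: redirect?=[scam_URL]
SAMPLE = "http://linkedin.com/redirect?=http%3A%2F%2Fscam.example%2Fvideo"


def naive_verdict(url):
    """Weak filter: judges a link by its outer host only."""
    return "allow" if urlsplit(url).hostname in TRUSTED_HOSTS else "review"


def embedded_urls(url):
    """Yield query-string values that are themselves web destinations."""
    for _name, value in parse_qsl(urlsplit(url).query):
        try:
            target = urlsplit(value)
        except ValueError:  # malformed value, e.g. an unbalanced IPv6 bracket
            continue
        # Accept http(s) and scheme-relative (//host/...) destinations.
        if target.hostname and target.scheme in ("", "http", "https"):
            yield value


def hosts_to_check(url, depth=0):
    """Return the outer host plus the host of every nested destination."""
    host = urlsplit(url).hostname
    hosts = [host] if host else []
    if depth < MAX_DEPTH:
        for inner in embedded_urls(url):
            hosts.extend(hosts_to_check(inner, depth + 1))
    return hosts


def verdict(url):
    """Hardened filter: every host in the redirect chain must pass."""
    hosts = hosts_to_check(url)
    if any(h in BLOCKED_HOSTS for h in hosts):
        return "block"
    if hosts and all(h in TRUSTED_HOSTS for h in hosts):
        return "allow"
    return "review"


if __name__ == "__main__":
    print(naive_verdict(SAMPLE), verdict(SAMPLE))
```

Destinations that are encoded more than once, or carried in the path or fragment rather than the query string, are outside what this sketch inspects.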

The new technique is proof of the inventiveness of scammers, who are continuously adapting to the anti-abuse measures enforced by Facebook, and is a clear sign that users also need to employ third-party Web protection solutions.