Scammers have come up with a clever way to trick users into handing over their accounts

Jun 18, 2013 07:51 GMT

Videos of man-eating snakes, of girls doing indecent things, and of fights have all been used as bait at some point by scammers who wanted to lure unsuspecting Facebook users to their phishing sites or survey scams.

Now, cybercrooks are trying to lure Facebook customers with a video purporting to show a woman who wields an axe.

“[OMG] she went inclusively nuts and lost all control of the razor-sharp axe. Well, watch what happened in this video [Link],” the scammy Facebook posts read.

According to E Hacking News, when internauts click on the video window to see the clip, they’re taken to another website where they’re asked to press CTRL+L, CTRL+W and CTRL+W.

What victims don’t know is that by pressing the key combinations, they’re actually handing over their authentication tokens to the crooks. The scammers can use the tokens to hijack the victims’ Facebook accounts and post on their behalf.

As always, Facebook users are advised to be on the lookout for such scams. If a video doesn’t start playing after you click on the play button and instead it asks you to perform all sorts of tasks, it’s likely that you’re dealing with a scam.

Sean Sullivan, security advisor at F-Secure Labs, has been kind enough to share some insight on such Facebook spam campaigns.

“Back around 2010/2011, Facebook spam was beginning to be a real problem. Even in my personal News Feed, I couldn't go a week without seeing a friend spread some Cost Per Action spam. The spam campaigns gathered tens of thousands (sometimes hundreds of thousands) of clicks,” Sullivan told Softpedia in an email.

“But success was the spammers' undoing. Facebook did two things: it sued several affiliate marketing networks, and it built automation that is capable of detecting spam ‘worms’ that spread via public links,” he added.

“Since sometime in 2012, most if not all of the Facebook spam I've seen in my research has been limited to ‘Friends of Friends’.

“It's there, but its growth was significantly capped. Facebook – which typically sucks at PR – has somehow failed to broadcast this particular victory. Or perhaps the security/anti-spam team doesn't really want to declare victory in case it prompts somebody to take up the challenge.”

Updated with statement from Sean Sullivan.