If it seems too good to be true, take a moment and check it

Aug 26, 2014 18:33 GMT

Users on Facebook are receiving a message promoting a giveaway campaign from Kmart and offering a gift card worth $1,000 / €758; the campaign is fake and the post is from scammers trying to deceive potential victims into completing online surveys.

The usual modus operandi in this type of malicious activity on social networking websites is to make the potential victim share the fake message with their friends before getting to the alleged goods.

However, in this case, the crooks have upped the ante and ask the victims to share the post with six different Facebook groups, Hoax-Slayer reports, in order to spread the bait to a restricted audience that is more likely to trust the post from a fellow member of the group.

Facebook groups are designed to create a space shared by users that have something specific in common. “Groups let you share things with the people who will care about them most. By creating a group for each of the important parts of your life — family, teammates, coworkers — you decide who sees what you share,” explains Facebook.

As such, the success rate for the scam should be higher, since the trust level between the members of the group is elevated.

Clicking on the link in the fake post offering the chance to get a Kmart gift card leads the user to a page outside Facebook but very much resembling one belonging to the social network.

One clue to the deceit is the URL, which reveals that the page is hosted on a dodgy domain. Furthermore, fake comments, which are usually simple images, are published in order to show the potential victim that others have already benefited from Kmart’s generous offer.

After sharing the scammy page, the true colors of the campaign are revealed, as online surveys with various themes are served.

The cybercriminals are paid for each completed survey, so the more surveys victims complete, the more money the crooks make.

This may seem like a harmless activity, but in plenty of cases, personal details such as a phone number or email address are requested, and these can be sold to marketers or to other crooks.

Phishing or spam campaigns can then be deployed, delivering malware that enslaves the computer into a botnet leveraged for other nefarious activities (DDoS attacks, scanning the Internet for vulnerable machines) or for stealing financial information.

Crooks always try to find new and efficient lures to attract unsuspecting users into their trap. In a recent example, they used a picture of a man, claiming that spiders came out of his leg.