Fake messages about Jackie Chan’s death are still luring Facebook users into accessing malicious online resources that lead to compromising their security and privacy.
The hoax that started back in June is still making victims on the world’s largest social network using the same message as before or a follow-up text. At the time, the star posted a picture of himself holding the day’s newspaper, as proof of life.
“Shocking news has always been the favorite way to disseminate malware, rogue media players or lead users to surveys. Jackie Chan's alleged death is just another pretense for cyber-crooks to monetize Facebook traffic,” Bogdan Botezatu, senior e-threat analyst at Bitdefender, told us via email.
In order to access the material showing the actor performing the deadly stunt or, according to some reports, watch the rescuers trying to revive him, you obviously have to unlock your Facebook account for a third-party app.
This basically translates into granting permission to post messages on your behalf (to your friends). Even worse, it can ask you to download resources (plugin, video player, etc.) that would allow you to view said content. Don’t fall for this because it easily leads to compromising the computer, since the files are most likely malware.
However, in order to get the necessary components that would allow you to quench your curiosity you may have to complete a survey, which earns the scammers money and thus their purpose is achieved.
“Unfortunately, these incidents are not isolated, and although Facebook takes all the steps to minimize the impact on users, some of these scams go on for months - once a page gets suspended, hundreds others appear; for comparison, the ‘profile stalkers’ scam has been going on for a little more than three years and is continuously showing up in feeds," Botezatu further added.
Sorin Mustaca, IT Security Expert for Avira, agrees that implementing a system that would end such scams is a tough job even for Facebook because the immense user base makes it difficult to control what happens on the portal.
We found that the Hollywood Breaking News account that appears to have started the wildfire about Jackie Chan’s death can still be accessed, although the external resources the post points to are down.
“Eventually the page will be closed, but it usually takes a while between report time and closure time. Fortunately, Facebook has also another service, which crawls the posted URLs in real-time and checks whether they are blacklisted by many security software vendors.
If the URL is known to be malicious, Facebook will notify the user about the danger of clicking,” Mustaca explained.
To avoid your friends’ falling into the trap, you can remove the messages from your news feed and revoke access to third-party apps you do not recognize.
Botezatu recommends users to install a dedicated security solution that can scan HTTP traffic.
Editor’s note: Also remember, Jackie Chan cannot die, he’s made of Chuck Norris.