Cybercriminals have been trying to lure WWE fans to their malicious websites, with Facebook posts that say John Cena has died, since August 2012. However, the scammers are now also using Tumblr as part of the scam.
The scam posts are pretty much the same as they were back in August.
They read something like: “John Cena (John Felix Anthony Cena) of World Wrestling Entertainment died in a head injury while perfecting a wrestling stunt with WWE wrestler, Dwayne Johnson or also known as The Rock. Authorities are now investigating. Watch the original video clip from WWE and their effort to save JOHN CENA (for 18 years+).”
E Hacking News reports that users who click on the link contained in the post are taken to a Tumblr page which displays an image that mimics a video window.
Here, internauts are asked to update the “Social Media Player” in order to view the footage that shows John Cena’s last training session.
However, no one gets to see the video because it doesn’t exist. Instead, users who insist on watching it are asked to perform all sorts of tasks and even hand over their access tokens, which the cybercriminals can use to hijack their accounts.
Update. The post has been updated to clarify that the scam messages aren't posted on Tumblr. Instead, Tumblr is used to host the fake video and the malicious Social Media Player update.