Old lure reused with success

Jul 28, 2010 14:58 GMT

Security researchers from Sophos warn that scammers are reusing an older lure, a teacher hitting a student, to trick Facebook users into spamming their friends and completing surveys. The most intriguing part of this attack is that people are falling for it, even though the story is old news and an identical scam ran almost two months ago.

“I am shocked!!! The teacher nearly killed this boy. Video here: hxxp:/tiny.cc/horrifying - Worldwide scandal!” read the spam messages posted from the profiles of users who fell for this scam. Opening the link takes users to a rogue Facebook application, which displays a video thumbnail and asks visitors to click on it.

Doing this prompts a standard dialog informing users that the application wants access to their basic information as well as to post on their wall. People who allow it to do that will get their profile spammed with the same message that brought them there in the first place.

However, the video is still not revealed after this step. All users get to see is an even larger thumbnail, which, when clicked, tells them that for security reasons they have to take at least one of six surveys first.

These surveys are part of affiliate marketing scams, in which the scammers receive money for directing people to various advertising websites. Furthermore, most of the offers displayed on these websites require users to provide a wealth of information about themselves, which is later used for additional advertising, and generally try to convince them to sign up for some premium service.

A scam very similar to this one, capitalizing on the same subject and using an identical spam message, circulated on Facebook back in May. At the time, a real video of a 40-year-old teacher named Sherri Davis attacking a student was posted on YouTube. The incident was widely covered in the media, and caused Davis to be fired from Jamie's House Charter School in Houston, Texas, where she used to work.

“Clearly it's appalling that these links are still spreading virally at such speed across Facebook, duping users. It seems to me that Facebook is virtually impotent to do anything about them - whenever they close down one rogue application the bad guys just create another. […] Maybe it's time for Facebook to put more restrictions over who is allowed to create applications on their social network, as the current system just isn't working,” Sophos Senior Technology Consultant Graham Cluley, who reported the new scam, said.

You can follow the editor on Twitter @lconstantin