Victims are steered to phishing site that steals access token

Aug 9, 2014 14:27 GMT

The prospect of changing the color of the Facebook profile is enticing enough for the average social networking user to follow a link, and scammers know this all too well; that’s why they started using the same old trick again, and 10,000 individuals have been affected already.

Researchers at Cheetah Mobile say that links promising to lead to a color-changing application for Facebook redirect users to a phishing site.

“The phishing site has two ways of attacking consumers. First, by stealing the user’s Facebook ‘Access Tokens’ by asking them to view a color changer tutorial video. At this point the hackers gain temporary access to these tokens which allows them to connect with the user’s Facebook friends,” a Cheetah Mobile blog post explains.

Even if users decide not to watch the tutorial, they are still exposed to risk as the page tries to push malicious software downloads, customized for the type of device used.

A PC user is offered an adult video player, but in the case of Android the potential victim is served a warning saying that the device is infected; a fake antivirus solution is then offered for installation.

Cheetah Mobile researchers say that a user already robbed of the access token can still recover their account by changing their password and removing the color changer app from the profile.

They warn that more than 10,000 individuals have been affected by this malicious campaign.

The number may seem too large for a scam that is not at its first round on Facebook, but researchers from other security firms seem to back these claims.

Bitdefender recently released a top 10 of the most widespread scams on the social networking website, and the “color changing app” bait was the second most prevalent, with an occurrence of 7.38% in the United States, the United Kingdom and Australia.

At the top of the list is a scam promising the unsuspecting user an application that can provide the total number of profile visitors as well as their identity. According to Bitdefender, this bait covers more than 30% of all the scams currently used on Facebook.

It seems that cybercrooks are no longer relying on famous names to lure users into their deceit as the bait combining Rihanna and adult content in the same sentence is the third most prevalent scam at the moment.