A different technique to attack the users

Jul 26, 2007 10:29 GMT  ·  By

Gaith Taha of the security company McAfee has described another technique currently used to steal credit card information from naive users. It involves Facebook, one of the most popular social websites today. A user called Natalie sent private messages on Facebook asking recipients to add her as a friend on Windows Live Messenger. "After spending a couple of minutes inspecting that spam, it was obvious that the spammer didn't utilise Facebook in any technical manner but rather as a pure social-engineering trick to get people to read that spam," the McAfee expert wrote.

The interesting part of the scheme comes once you are encouraged to add Natalie on Microsoft's instant messenger in order to talk with her. According to Gaith, Natalie was only an MSN bot that sent human-like messages to trick victims into thinking they were chatting with a real person. "Natalie turned to be an MSN bot with an "appealing" avatar. The bot itself wasn't engaging itself in any sort of conversation rather than trying to get people "tempted" to step to the next stage. Natalie-the-bot used a couple of tricks to imitate real human conversational behavior. Every time it sent me a lengthy message, it didn't send it in one burst."

Moreover, Windows Live Messenger often displayed the "...is typing a message" notice, which made the bot seem even more like a real person. Most striking of all, Natalie tries to send a JPG file whose transfer fails. "It was never meant to be delivered anyway!" the McAfee employee wrote.

"By the end of the "conversation" this spam was actually trying to get people to submit their credit card details in exchange for some live webcam shows by the infamous Natalie. Allegedly, there was a real Natalie which was causing all this noise. I hope that nobody has fallen for this or similar tricks," Gaith Taha added.