Once again, social networks are taken advantage of by cybercriminals to carry out their deceptions. On this occasion, Eset, a leading company in proactive threat detection, analyzes a new attack modality, very active in Latin America in recent times, on the Facebook social network. The hoax takes advantage of legitimate broadcasts, made from the official accounts of famous personalities, to publish them as live broadcasts from fake accounts and thus impersonate these public figures.
In these false “live”, as these transmissions are often said, the scammers publish the videos and invite through the chat to participate in a dynamic in which they must decipher a visual puzzle. Once the puzzle is solved, the victims must post the answer in the comments to be “eligible” and thus receive a supposed prize.
Once the user sends the response, automatically from the apocryphal account they communicate by private message, indicating the steps to follow to claim the promised money. First, the victim will need to share the post on their home page, and then they will need to inform friends and family of this “opportunity.” Once the victim shares it, they receive a message with a link behind the “Register” option that leads to a site where they must enter their personal data, supposedly to verify that they are a real person and thus obtain the prize.
According to the campaigns identified by Eset in recent weeks, aimed at users in Latin America, the links meet a certain pattern: they are .blogspot.com domains. They contain full names and images of the figures whose identity is impersonated in Facebook accounts, and include another link below that leads to the instance in which they must register the data.
These sites refer to the amount of money to deliver and use a timer that gives the victim two minutes. The latter, they mention from Eset, is a social engineering strategy to pressure the user to decide to take the plunge and enter sensitive information.
The second link within the site redirects to advertising websites, ending with a site that asks the victim for an email and password to subscribe to an online movie service. In addition, this system asks the victim for sensitive information about means of payment, such as credit card numbers and codes, for an alleged identity verification.
In case of moving forward, the victim will be redirected back to ad-ridden sites, no longer making any reference to the prize offered.
At first glance, it appears to be a simple attack carried out by a single scammer behind a fake account in which the identity of a random personality is spoofed. However, a simple search among the live streams available on Facebook revealed to Eset that this was not an isolated attack. On the contrary, dozens of similar publications were active with another aspect in common: the preference for the Latin American afternoon strip.
These transmissions are uploaded to Facebook by multiple accounts, whose speed to respond to messages indicates that they are automated. In addition, the identities they impersonate are varied, from personalities from the world of football to world-renowned singers who, it is worth mentioning, are also collateral victims of this attack, since their images are used as a method of social engineering to gain the trust of the victims. In some cases the deception requests the bank account data to send the money, and in other cases they request access to tools such as PayPal.
This is not the first time that social networks have been used for criminal purposes, so we advise you to be alert and, in the face of suspicious publications or offers that seem too good to be true, do not enter links or download files that offer and report it to the complaints channel of the corresponding social network. In addition, as always, we recommend having a security solution installed and updated on the devices. Although we have seen this deception on Facebook, due to the social engineering they use and because of its generic skeleton, it is possibly replicated in other similar networks. The dynamics can vary, so you have to be attentive in case you see something similar.
Martina López is a Computer Security Researcher at Eset Latin America.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
–
Facebook Live scams
