Oscar Celestino Angelo Abendan ll
Social networking is a tool to connect with friends and family. But for cybercriminals, sites like Facebook and Twitter are emerging platforms to target users. Scams continuously lure users to ad tracking sites and survey pages to earn profit and steal data. One survey scam we found takes advantage of Stop Online Piracy Act (SOPA). Scammers have also set their eyes on Pinterest users and "repinned" URLs that eventually led to more survey scams.
This FAQ provides users with necessary information on how to better protect them from this ruse.
How do users encounter this threat?
Survey scams are typically found on social networking sites like Facebook. They come in the form of wall posts with a link. They use clever social engineering techniques like mentioning popular news items about celebrities, or political issues. Another popular hook is mentioning a contest or prize giveaway. By hooking survey scams with effective social engineering lures, users are likely to click the links or follow the instructions included in the posts.
As previously mentioned, scammers have also targeted Pinterest. Instead of wall posts, "repins" show promos or prizes from well-known brands, along with a website where users can supposedly avail of them.
How does this threat work?
Users are first lead to survey scams through posts on social networking sites These posts use social engineering to trick users into clicking the links in these posts. Users are then led to several redirections.
Users are directed to rogue Facebook apps or pages embedded with the malicious URLs. The said Facebook app page may oftentimes be the malicious site itself:
Upon survey completion, users are required to provide his/her mobile number. Once done, users will receive a PIN code in his/her mobile. Entering this "PIN code" supposedly reveals the answers to the survey.
In certain scams, such as in the free tickets to Breaking Dawn Part 2 scam, users are required to share the page with their contacts. By doing this, users inadvertently spread these scam pages.
How does a survey scam work in Pinterest?
A Pinterest survey scam works just like what was mentioned above. We noticed two incidents that lead users to survey pages which pose several questions.
The first incident we came across involved "repinned" images by Pinterest users that promote fake promos for Starbucks and luxury brand Coach. To avail of these "promos", users must visit the website indicated in these "repins". Upon visiting these sites, the web page gives instructions to users to repin the images. The last step urges users to click a link that ultimately leads to the survey scam pages. The latest Pinterest scam involves repins that contain links with the keywords "pinterest" coupled with shortened URLs.
What do the scammers get from these surveys?
Profit is the main driver of this threat. Cybercriminals behind these scams earn money by driving users to ad-tracking sites or affiliate sites before actually proceeding to the survey. Cybercriminals set up the survey scam pages for the sole purpose of theft as they may use the gathered information for their future schemes. For example, cybercriminals may distribute spammed messages to the email addresses that they obtained from the survey scams. The messages may contain malicious file attachments or data-stealing malware.
Scammers can also profit by tricking victims into registering for bogus premium SMS services. This is why they ask users to give out their mobile phone numbers.
How does this threat affect me?
Users who fall victim to survey scams are at risk of having their information stolen. These survey pages are known to ask for personal and sensitive information, which cybercriminals may use in their future malicious activities.
Since these scams also require users to disclose their email addresses, scammers may use these for spamming. You can expect a lot of spam in your email if you fall victim to survey scams.
Furthermore, once users follow the instruction to share or "repin" the malicious post, it automatically spreads to their contacts.
How do we distinguish survey scams from legitimate ones?
Not all survey pages are scams. For its intended purpose, surveys are effective tools in voicing out user opinions about specific products and services. Feedback helps improve products and services by knowing consumer needs.
To help you determine real surveys from survey scams, below are some signs you need to watch out for:
It's a scam if the site promises a huge amount of money or prize in exchange for completing the survey. Market research companies typically persuade users to answer surveys by putting a prime on user satisfaction and suggestions on how to improve products and services. Some give out gifts like gift cards or tokens, but never exorbitant amounts.
Are Trend Micro users protected from this threat?
FROM THE FIELD: EXPERT INSIGHTS
"The key to a successful attack is the number of clicks generated by these scams. They are very keen to entice users by providing what is currently "in" or popular among users."- Paul Pajares, fraud analyst