Posts masked as the fake web app "TumViewer” and "Online Income Solutions" were seen circulating on the popular blogging site Tumblr. Both offer something to Tumblr users, but in reality, they are social engineering lures meant to hook users into another run-of-the-mill survey scams.
TumViewer and Online Income Solution: Just Another Survey Scam
Several Tumblr posts were seen promoting "TumViewer" web app. This free app supposedly allows users to see who viewed their pages, which posts were viewed, and how often they were viewed. "TumViewer" appeared to be a minor hit among certain users, as we also noticed some tweets circulating on Twitter that promote the same app.
Instead of knowing who viewed users’ Tumblr accounts, the said “TumViewer” app only leads to another survey scam, similar to what we previously documented here.
The other post we noticed may be appealing to certain Tumblr users, specifically those who wish to make a quick buck. These posts promise easy income that users can do online. The link leads to a fake but convincing CBS news item about this work-from-home gig.
Clicking a specific text in the article redirects users to the page “Online Income Solutions”. In an attempt to further convince users to register to this scam, the page shows different logos of popular news organizations. Like previous survey scams, users are asked to give out their phone number and email address.
Social Engineering and Profit Drive Scams "TumViewer" and "Online Income Solution" are just latest reincarnations of scams that continuously plague other social networking sites like Pinterest, Twitter, and Facebook. We can expect to see similar threats spreading on social networking sites because they are tested money-makers. These scams drive users to ad-tracking sites or affiliate sites, which means more profit for the scammers.
As for the survey, the bad guys set up these pages to gather information that they can use in their future schemes, such as adding stolen email addresses to their spam distribution list. Users who hand out their phone numbers are also at risk of being subscribed to certain services without their permission, causing unnecessary charges to their bills.
And let us not forget the main attraction in these scams: social engineering. Free web apps like "TumViewer" are appealing to users because they offer features that pique curiosity. "TumViewer", with its promise of disclosing details of possible “stalkers” may be targeted at users who are keen to know who’s viewing their account. Since the app is free and has no apparent dangers to user, they may attempt to test it.
On a more convincing level, the “Online Income Solution” scam offers Tumblr users an opportunity to make easy money online. Tumblr users, in particular stay-at-home moms, students, or users who wish to augment their current income, are certainly the target of this scam.
The bottomline: scammers know what appeals to users and what would likely persuade them to click those links. They can certainly use these against users, in order to generate profit and steal information from unwitting users.
To avoid becoming victims of such scams, users should always think before they click and verify with credible sources if these web apps are legitimate. Social networking sites such as Tumblr typically provide information about the latest news about threats and offer safety tips to users.
To know more about social engineering and how it works, you may read our Digital Life e-Guide “How Social Engineering Works”.
Trend Micro Smart Protection Network™ protects users from this threat by blocking the related survey pages and sites.
With additional analysis from Paul Pajares.