Compromised Tumblr accounts sporting fake Starbucks gift cards
Posted on 26 January 2012.
It is a well known fact that compromised legitimate websites are often used by cyber crooks to drive traffic towards their scammy sites.

The latest example of this practice can be found on a variety of compromised Tumblr accounts, where the following picture - imitating an offer from a "Tumblr Staff Blog" - has been posted:


The offered link will supposedly take the users to a site where they can pick up a free $50 Starbucks gift card, but in order to do that, they will have to complete “two reward offers from each of the silver and gold page options and nine reward offers from the platinum reward page and refer three friends to do the same,” and share a boatload of their personal information with the scammers.

GFI also warns that while they browsing through the Google results for one of the t.co URLs used, they also encountered a phishing Tumblr-themed "adult verification" pop-up that can't be removed except by "logging in":


Unfortunately, if the user does that, his account will be the next one displaying the scammy Starbucks gift card offer.

"If you wake up to find your Tumblr has a collection of posts about Starbucks stretching back at least nine hours that you didn’t make, be sure to change your login details and check your custom page code in case the attackers have overlaid what I like to call 'garbage' over your spangly hipster background," advises Chris Boyd.






Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //