Browse archive

Latest news

Experts highlight top data breach vulnerabilities

Review: Logging and Log Management

Commission wants to minimize U.S. IP theft economic impact

NYPD detective accused of hiring email hackers

Why BYOx is the next big concern of CISOs

Free tool repairs critical Windows configuration vulnerabilities

Guantanamo cuts off Wi-Fi access due to OpGTMO

IT pros focus on cloud security, not hype

Blue Coat to acquire Solera Networks

APT1 is back, attacks many of the initial U.S. corporate targets

Aurora attackers were looking for Google's surveillance database

U.S. DOJ accuses journalist of espionage

Find TrueCrypt and BitLocker encrypted containers and images

The CSO perspective on healthcare security and compliance

Hacking charge stations for electric cars

Facebook scam uses fake CAPTCHA to spread

Posted on 12 March 2012.

In order for a Facebook survey scam to be successful, it has to make users do two things: propagate the scam further by "endorsing" it and complete at least one survey.

Even though there are always users who fall for the most basic scams, most of them learn fast and scammers have to constantly think of new lures and new ways of making the victims inadvertently spread the offending links.

In a survey scam recently spotted by BitDefender, the scammers have decided to trick the victims into promoting it by using a bogus CAPTCHA test.

The lure is a common one: "PHOTO! Girl accidentally sends dad SMS about her FIRST time! (This is the funniest thing ever!)"

In order to see what it's all about, the victims are asked to verify their identity by solving a CAPTCHA:

Even though the offered "words" are too simple and clear to foil computers, it's probable that many of the victims won't give the issue much thought.

But a closer look at the "Submit" button might make them realize that something is off, as the "Comment" button can be seen in the background. Those who don't and do what they are asked to will be posting on their profile the same message they fell for, complete with their "ha haha" comment.

From that point on, the scam continues as predicted - in order to watch the wanted content, the victims are required to complete one of the offered surveys.