One trait that I have developed since I started with Sophos is being calm under pressure. With virus and spam outbreaks, analysts need to keep their nerve to analyze the situation and proceed to deal with the new threat. So, I wasn't expecting to be surprised by my friends' actions on Facebook this past weekend.
It started innocently enough, as a post about getting a Free $25 Starbucks gift card for joining a particular group. The first person to join the group from my friends list happens to work for a non-profit organization helping young people. So, I expected the young people on his "friends list" to join this group shortly.
Looking at the page, my instincts tell me that something is amiss when the description (on the bottom left) says:
"This is not a scam, we are merely trying to get people to go to Starbucks. We are trying to see what coffee people purchase" (my emphasis added). The words "This is not a scam" ring loudly in my head. Isn't the same phrase used in many Nigerian/419 scams? Usually, the only people who have to assure others that they're not scamming are actual scammers.
This brings us to objective lesson #1 in this case:
The "last step" is to enter Personally Identifiable Information (PII) such as Name and Full Address. Some of my friends started to question the scheme by this time, yet others happily gave their info away, which brings us to objective lesson #2:
Do not give away your Personally Identifiable Information online
Now, what does the group/site owner have to gain from this scheme? By clicking submit, the PII is sent to a marketing company called cpalead, which we have seen before. The group/site owner gets a few cents every time someone gives up their personal information. So clearly the owner is profiting from this.
As for the poor users (and my poor friends) who submitted their information? They probably will never see a Starbucks card arriving in their mail. What's more likely, however, is that their information will be sold off to the highest bidder for more "marketing" in the future.
Make sure that you keep informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos page on Facebook, where over 100,000 people regularly share information on threats and discuss the latest security news.