Google + Formspring + Facebook = Scam

Filed Under: Facebook, Google, Privacy, Social networks

Google Trends graph

I often keep my eye on Google Trends for the latest sources of threats and scams. As Onur and I discussed in our podcast on Blackhat SEO, the groups behind the manipulation of search results are automatically consuming the latest popular searches from Google Trends and doing their best to place their malicious/spam content at the top. Over the past few months, Google has done a great job at keeping the bad results out, but tonight they slipped up a bit.

The good news is that no malware is involved. The bad news is that money-making scams can use many methods aside from infecting your PC, and tonight's story is no exception. It begins with a popular Google search: "the 100% most genius reply to a threatening formspring question!".

Google FB result
Google scam result

Formspring.me, by the way, is a social media site that allows others to anonymously ask you personal questions. The site is controversial because its anonymity leads some to use the site for bullying and other bad behavior.

Clicking on the Facebook result, the seemingly credible one, leads you to a Facebook fan page that says you should "like" the page to see the answer, struck through in red. I've blacked out the crude content in the question.

Facebook fan page

Once you have "liked" the page it presents you with a link that reads "Want to see the 100% most GENIUS formspring reply? Click here!" Unfortunately, clicking the link takes you to a blogspot.com page with a popup saying you must complete a quiz to see the answer. This is the same result you get when you click the other dodgy link from the Google search results.

No matter which quiz you pick, you get the same result: a Flash-like quiz that requests your cell phone number so they can presumably contact you to give you the prize and inform you of further quiz opportunities to increase your chances of winning.

iPad giveaway

As with all things that seem too good to be true, the fine print reveals that you will be sent additional quiz entries for $2 apiece four times per week. $32 a month is a pretty good take for the price of a single iPad.

Additionally, the answer, which is freely available on www.bypassfanpages.com, is not only vulgar, but pointless. I had no idea what Formspring was before tonight, but from a security perspective, it seems to be yet another way to publicly disclose personal information that can be used to impersonate you or steal your identity.

Any way you look at this situation, it will result in disappointment in the long run. Don't let your curiosity get the better of you.

, , , , ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.