Sophos Cloud Optix
Facebook users are seeing lots of messages claiming to link to a special JetBlue Airways offer, claiming they can get free tickets. Unfortunately, anyone who clicks on the link is in danger of signing-up for a premium rate mobile phone service.
The messages look something like this (the precise wording may vary):
JetBlue Airways
Your Free Trip
2 Free JetBlue Airways Tickets - Facebook Users Only
The scam has been spread more widely, in part, because the Facebook page belonging to Jezebel.com (a women’s lifestyle blog, part of the Gawker network) passed on the message to its 30,000+ fans.
If you were to click on the link you are taken to a webpage (with a large version of the JetBlue Airways logo in the background) which asks you to “Facebook Connect” with the site in order to access the alleged special offer.
If you do that then Facebook asks if you want to give permission for an application called “JetBlue Family” to gain access to your account information, including the right to email you and post messages to your wall.
Proceeding further, however, takes you to page which attempts to make money for the scammers – either in the form of a revenue-generating survey or, in my case, a page which tries to trick you into signing up for an expensive premium rate cell phone service (charged at £4.50 per week).
In the meantime, the scam has already been posted onto your own Facebook wall, trying to trick your online pals and family into making the same mistake.
Hopefully, this article will act as an important reminder for folks to read the small print, and be very careful what applications they allow to gain access to their Facebook account. And owners of pages with tens of thousands of followers like Jezebel need to be much more careful what they do regarding their online safety too.
If you’ve been hit by a scam like this, remove references to it from your newsfeed, and revoke the right of rogue applications to access your profile via Account/ Privacy Settings/ Applications and Websites.
And if you’re a keen user of Facebook, you should join the thriving community on the Sophos Facebook page.
What kind of moron company running a facebook page passes this along to its followers before looking into the site!?!?
My guess is that the administrator of the page simply fell for the scam like any other Facebook user.
They probably didn't knowingly post the link to the Jezebel page, but instead the rogue application posted it to the page automagically (without the administrator's knowledge). That's one of the issues when you give a third-party Facebook application permission to post to your wall and pages..
They seem to have removed the offending message now from the Jezebel page. Hopefully they'll also warn their users of the danger, in case any were tempted to click on it.
Could you please provide us with the links and/or other details to the offending site? Some of us in the online ad industry want to be able to track down and identify the responsible publishers and the affiliate networks their filtering traffic through..
I've shared the links with Facebook Security – and requested that they shut it down. My guess is that they probably see more of these things than anybody, and may be able to draw threads together as to common denominators.
See this for instance, http://nakedsecurity.sophos.com/2010/10/22/facebo…
Thanks, Graham. Here's a fresh version of this scam: http://www.facebook.com/#!/apps/application.php?i…
Also Airline Research: http://www.facebook.com/#!/event.php?eid=16768493…
Testing shows that traffic is being redirected through the Affillion affiliate network. Before that, traffic was being sent to Adsend Media. These CPA networks don't seem to be doing any due diligence on their publishers. Affillion is a closed (blind) network, to boot.
I’d also suggest anybody who experienced the text signup option take a few moments to visit http://www.phonepayplus.org.uk/output/Make-a-comp… and complain about the promotion of this service.
I'd be interested to learn more about the text signup you are talking about.
As for the PPP, PhonepayPlus tends to look mostly at the content providers who wind up sucked into these scams. The regulator has very little other point of entry into the market,s o CPs are always scrutinized first. Otherwise, the PPP Tribunal has been doing a good job of working with content providers to address these messes.
Thank you for this. I laid awake wondering how to stop this scam from sending more messages to my FB friends. You just solved it for me! Whew!