125,000 people fooled by Tupac Shakur / Suge Knight Facebook scam


Before I begin this article, here's a quick summary of the key characters for those of you who have chosen not to show a keen interest in rap music and hip-hop:

* Tupac Shakur: Also known as "2Pac", very popular rap music artist. Died, in September 1996, as a consequence of injuries sustained in a Las Vegas drive-by shooting. He was 25 years old. No-one has ever been convicted of his death.

* Suge Knight: Marion "Suge" Knight, the owner of Death Row Records, Tupac Shakur's recording label. He was driving Tupac on the night of the shooting, and although he was hit himself in the cross-fire (he was shot in the back of the neck), survived his injuries.

* Klasik: Real name unknown. Maker of a number of fake news videos (including this one which purports to be a news report that OJ Simpson has committed suicide). He describes himself on his Facebook page as an "upcoming artist" based in Dayton, Ohio.

With me? Okay, let's begin.

Rumours have been spreading on hip-hop websites and social networks such as Twitter since the tail end of 2010 that Suge Knight has been arrested for the murder of Tupac Shakur. It appears that the rumours were kickstarted by a fake news video, made by Klasik, that was uploaded to YouTube on December 28th.

The video is nonsense, involving the splicing together of different news stories and a reporter whose voice has been overdubbed (between 1:18 and 1:30) to claim that Suge Knight has been charged with the death of Tupac Shakur. In fact, Knight was arrested by LAPD over a traffic offence.

That hasn't stopped the video being viewed by more than 500,000 people to date, or the rumours spreading like wildfire.

[Image: Suge Knight and Tupac Shakur rumours spread on the net]

So far, so very typical of the internet.

What concerns us most, however, is that scammers are exploiting the rumours to trick Facebook users into permitting a rogue application to access their profiles and post spam messages to their accounts.

Here's a typical message that's been seen on Facebook:

It seems they finally solved the mystery of TUPAC's killer, Suge Knight was arrested today, watch the full video! [LINK]

Suge Knight arrested for Tupac murder.
OMG The Video

Suge Knight killed Tupac Shakur? Watch the full video, this is insane I can't believe the mystery has been solved after all this years

When you see a message like this posted by one of your friends, you may well be tempted to click on the link - especially if you're interested in the hip-hop scene.

But doing so takes you to a webpage asking you to authorise a rogue application:

[Image: Suge Knight and Tupac Shakur rogue application]

Of course, you might be curious to find out more details about who - after 14 years - the police have finally caught for Tupac Shakur's killing. And so you might, unwisely, allow the application to have access to your Facebook profile.

If you do, then you'll be taken to a typical page which says it is about to show you the "shocking video", but actually wants you to take a quick online survey first.

[Image: Suge Knight and Tupac Shakur survey scam]

And this is where the scammers make their money. Every time someone fills in an online survey, they make a little bit of commission. If they can find an attractive enough lure (like a video "proving" who killed Tupac Shakur), they can potentially bring lots of people to the surveys.

What helps them even more is that the rogue application, which has just been given permission to post to your Facebook page, is now spreading the link even further, sharing it with all of your friends via your Facebook wall.

[Image: Account compromised by Suge Knight and Tupac Shakur rogue application]

And, of course, your friends may be more likely to click on the link as it appears to have been posted by you.

A little digging discovers that the scammers behind this scheme have tricked over 125,000 people so far into clicking on links related to the bogus news of Tupac Shakur and Suge Knight, and in the last day alone have set up over 10 different rogue applications designed to infect your Facebook profile.

[Image: List of Suge Knight and Tupac Shakur rogue applications via bit.ly]

Of course, it's possible that not all of these people made the mistake of authorising the rogue application - but you can bet your bottom dollar that very many did.

[Image: Another Suge Knight and Tupac Shakur survey scam]

Oh, and in case you're wondering, the scammers aren't just spreading their scheme via Facebook. We've also seen evidence of Twitter accounts being used to send links to the rogue Facebook applications too.

[Image: Tweet linking to Suge Knight and Tupac Shakur rogue Facebook app]

You can learn more about this particular scam on the FaceCrooks website.

Here's a YouTube video where I show you how to clean-up your Facebook account if you were hit by this, or similar scams:

Keep your wits about you and stay informed about the latest scams spreading fast across Facebook. One of the best ways to do that is to join the Sophos Facebook page, where more than 50,000 people regularly share information on threats and discuss the latest security news.

6 Responses to 125,000 people fooled by Tupac Shakur / Suge Knight Facebook scam

  1. Rexy · 1735 days ago

    Usually when I see an exciting news story pop up on
    Facebook, rather than click the link on my friend's page I
    find it's much safer for my Facebook security if I simply
    open another window/tab in my browser and look the story up on
    Google or Yahoo. If Suge Knight were really arrested, or [insert
    celebrity name here] was really found dead, it'll be all
    over legitimate news sources, not exclusively found in some app on
    Facebook that needs access to my profile.

  2. It's sad to see that many people were fooled. I wonder
    what's Facebook doing about it?

  3. Mrs. W · 1735 days ago

    Good advice, but you still have to make sure the URL you're going to is a legitimate news source and not an SEO poisoning.

    For those who don't know what that is, Graham has written about them here: https://nakedsecurity.sophos.com/2010/03/31/automa...

    • Rexy · 1733 days ago

      By "all over legitimate news sources" I
      meant that if the story is true then it will pop up on several news
      sites. If Suge Knight, or anyone for that matter, actually got
      arrested for killing Tupac, it would be all over AP, CNN, FOX, BET
      News and blogs across the globe. I'd barely finish typing
      the headline in the search bar before getting flooded with news
      stories. When something like that happens you can almost confirm
      the story without clicking a single link. On the other hand, if I
      look it up and only find the story on obscure news sites
      I've never heard of or on someone's blog, then
      it's probably either not true or unconfirmed. Either way
      it's not news.

  4. Maybe the survey providers should be targeted. Whenever I do an online survey like this, I would fill in fake information anyway. The survey makers who pay these frauds must realise this?

  5. Guestuser · 1715 days ago

    Ford doesn't make escalade! LOL!

About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley