125,000 people fooled by Tupac Shakur / Suge Knight Facebook scam

Suge KnightBefore I begin this article, here’s a quick summary of the key characters for those of you who have chosen not to show a keen interest in rap music and hip-hop:

* Tupac Shakur: Also known as “2Pac”, very popular rap music artist. Died, in September 1996, as a consequence of injuries sustained in a Las Vegas drive-by shooting. He was 25 years old. No-one has ever been convicted of his death.

* Suge Knight: Marion “Suge” Knight, the owner of Death Row Records, Tupac Shakur’s recording label. He was driving Tupac on the night of the shooting, and although he was hit himself in the cross-fire (he was shot in the back of the neck), survived his injuries.

* Klasik: Real name unknown. Maker of a number of fake news videos (including this one which purports to be a news report that OJ Simpson has committed suicide). He describes himself on his Facebook page as an “upcoming artist” based in Dayton, Ohio.

With me? Okay, let’s begin.

Rumours have been spreading on hip-hop websites and social networks such as Twitter since the tail end of 2010, that Suge Knight has been arrested for the murder of Tupac Shakur. It appears that the rumours were kickstarted by a fake news video, made by Klasik, that was uploaded to YouTube on December 28th:

The video is nonsense, involving the splicing together of different news stories and a reporter whose voice has been overdubbed (between 1:18 and 1:30) to claim that Suge Knight has been charged with the death of Tupac Shakur. In fact, Knight was arrested by LAPD over a traffic offence.

That hasn’t stopped the video being viewed by more than 500,000 people to date, and the rumours to spread like wildfire.

Suge Knight and Tupac Shakur rumours spread on the net

So far, so very typical of the internet.

What’s most of concern to us, however, is that scammers are exploiting the rumours to trick Facebook users into permitting a rogue application to access their profiles, and post spam messages to their accounts.

Here’s a typical message that’s been seen on Facebook:

It seems they finally solved the mystery of TUPAC's killer, Suge Knight was arrested today, watch the full video!

It seems they finally solved the mystery of TUPAC's killer, Suge Knight was arrested today, watch the full video! [LINK]

Suge Knight arrested for Tupac murder.
OMG The Video

Suge Knight killed Tupac Shakur? Watch the full video, this is insane I can't believe the mystery has been solved after all this years

When you see a message like this posted by one of your friends, you may well be tempted to click on the link – especially if you’re interested in the hip-hop scene.

But doing so, takes you to a webpage asking for you to authorise a rogue application:

Suge Knight and Tupac Shakur rogue application

Of course, you might be curious to find out more details about who – after 14 years – the police have finally caught for Tupac Shakur’s killing. And so you might, unwisely, allow the application to have access to your Facebook profile.

If you do, then you’ll be taken to a typical page which says it is about to show you the “shocking video”, but actually wants you to take a quick online survey first.

Suge Knight and Tupac Shakur survey scam

And this is where the scammers make their money. Everytime someone fills in an online survey, they make a little bit of commission. If they can find an attractive enough lure (like a video “proving” who killed Tupac Shakur), they can potentially bring lots of people to the surveys.

What helps them even more, is that the rogue application which has just been given permission to post to your Facebook page is now spreading the link even further, sharing it with all of your friends via your Facebook wall.

Account compromised by Suge Knight and Tupac Shakur rogue application

And, of course, your friends may be more likely to click on the link as it appears to have been posted by you.

A little digging discovers that the scammers behind this scheme have tricked over 125,000 people so far into clicking on links related to the bogus news of Tupac Shakur and Suge Knight, and in the last day alone have set up over 10 different rogue applications designed to infect your Facebook profile.

List of Suge Knight and Tupac Shakur rogue applications via bit.ly

Of course, it’s possible that not all of these people made the mistake of authorising the rogue application – but you can bet your bottom dollar that very many did.

Another Suge Knight and Tupac Shakur survey scam

Oh, and in case you’re wondering, the scammers aren’t just spreading their scheme via Facebook. We’ve also seen evidence of Twitter accounts being used to send links to the rogue Facebook applications too.

Tweet linking to Suge Knight and Tupac Shakur rogue Facebook app

You can learn more about this particular scam on the FaceCrooks website.

Here’s a YouTube video where I show you how to clean-up your Facebook account if you were hit by this, or similar scams:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

Keep your wits about you and stay informed about the latest scams spreading fast across Facebook. One of the best ways to do that is to join the Sophos Facebook page, where more than 50,000 people regularly share information on threats and discuss the latest security news.