Japanese Tsunami RAW Tidal Wave Footage - Bogus CNN video scams Facebook users

Filed Under: SophosLabs, Spam, Vulnerability

Facebook users are being tricked into clicking on links which claim to be raw CNN footage of the Japanese tsunami by cold-hearted scammers - as part of a plot to earn money by driving web traffic to take online surveys.

The videos, which in the examples seen by Sophos exist on a website called spinavideo, purport to be footage of the horrifying tsunami which hit parts of Japan on Friday.

Japanese Tsunami RAW Tidal Wave Footage Facebook Message

Japanese Tsunami RAW Tidal Wave Footage

Clicking on the link takes unsuspecting users to a website which pretends to be YouTube, but is in fact designed to clickjack users into unwittingly agreeing to Facebook "Like" the page (which spreads the scam virally across the social network).

Bogus CNN video footage of Japanese tsunami

Users are then tricked into taking an online survey which earns commission for the scammers. No doubt the scammers are hoping that by pretending the video footage comes from CNN, more people might be tempted to click on it.

It's a sad reflection on human nature that a series of scams have appeared since the disaster in Japan, all trying to make commercial gain out of what is a horrific human tragedy.

Remember to always get your news from legitimate news websites, and if you're hunting for a video make sure that you go to the real YouTube website rather than a replica set up by scammers.

How to clean-up after a likejacking attack
If you made the mistake of clicking on a link spread via a scam message like the one listed above, you should check your Facebook news feed and remove any offending links that you might have spammed out to your friends. Hover your mouse over the top right hand corner of the post and you should see a small "x" which will allow you to remove it.

And if you entered your mobile phone number, you should keep a close eye on your cellphone bill and notify your carrier to prevent bogus charges from stinging you in the wallet.

Remember to be wary of any links that look like this. If you really want to watch a video chances are that it's available for free - without you having to complete any surveys - on legitimate video sites like YouTube.

Going forward, it's essential that you stay informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos Facebook page, where more than 60,000 people regularly share information on threats and discuss the latest security news.

We've also published some good best practices for better privacy and security on Facebook.

Hat-tip: Thanks to Naked Security reader Kara who contacted us about this scam.

, , , , , , , , ,

You might like

8 Responses to Japanese Tsunami RAW Tidal Wave Footage - Bogus CNN video scams Facebook users

  1. Allen Snowdon · 1671 days ago

    Waging War against Facebook Scams
    These clickjack scams have gone too far and it's time we put a stop to them. Surely the mucky-mucks who run Facebook can come up with a filter that prevents these intrusions.
    Unfortunately there is no "Contact Us" button for us to voice our concerns, so here's what I've done:
    At the bottom of every FB page is a clickable link named "Advertising". Click on it and navigate to "Integrated Solutions". A form will come up for potential advertisers to leave a message.
    Fill in all the boxes with SOMETHING, otherwise it won't get sent.
    In the "Comments" box, vent your frustration. Something like:
    "I'm mad as hell at Facebook for allowing 'clickjackers' and other scams to appear on our pages. Surely you can devise a filter to clean this mess up. If not I will be discontinuing my Facebook page and finding another social networking site"
    Seriously, folks. If Facebook can't clean up their act I WILL pull my account and go elsewhere.
    Please share this post with others, perhaps we can collectively make a difference.

  2. Surely there are many ways Facebook can thwart scams that use this method.. I wonder why they don't work on it?

  3. Nigel · 1671 days ago

    Why should they care? The whole of Facebook is just one big viral advertising marketing scam. That's how they make their money. As it stands it should be called anti-social networking. I do not meet a guy down the pub and hand over my address book to him however much I like him. Likewise if Facebook was truly socially oriented, Apps would not have ANY access to ANY information at all until the person trialing the app approves the access. The basic information request should only be allowed to include the user's name, profile picture and gender. ALL other information access should require a separate per item request and approval dialog.

  4. Mike Hunt · 1671 days ago

    The links from the fake video site go to TRACKING.COM and then on to inteletrackcom which is this company:

    Intela LLC http://intela.com/how-to-reach-us

    According to their facebook page "Intela is headquartered in London, UK and has its operational and US base in Boulder Colorado, USA." They are an affiliate marketing company - one of their affiliates is running the fake video scam website and as the affiliate network Intela LLC are also profiting from this scam. They will know exactly who this affiliate is from the tracking url so let's hope they do the right thing.

    (inteletrackcom is the tracking site used by and owned by Intela LLC)

    The addresses for Intela LLC are:

    +44 (0) 207 437 0007
    Suite 305 Princess House
    50-60 Eastcastle Street
    London W1W 8EA

    +1.303.473.0000 Reach us from the UK:+44 (0)208 819 6901
    1881 9th Street
    Canyon Center Suite 102
    Boulder, CO 80302

  5. I am an engineer at Facebook on the Platform Integrity team - and am currently working on stopping likejacking.

    We care, and we definitely take likejacking seriously - and it has become more rampant since we launched the larger Like stories in the newsfeed 2 weeks ago. We are blacklisting domains doing this as well as looking into other countermeasures - one you may have already seen in a reputation-based system that pops out a confirmation window when we suspect a domain might be likejacking. If you'd like to help us deal with these spammers in the meanwhile, please mark as spam any such stories you see in your news feed.

    • Good to hear that Facebook is working on it Eugene.

      Do you think there would be value in Facebook changing the way "Like" buttons work, so that when you like an external webpage Facebook asks you for *confirmation* that you really want to Like that page?

      It wouldn't present that much inconvenience for users, surely - but would make the life of the clickjacker much more difficult.

      • Hi Graham,

        That's part of the solution that's now live - we will be asking for confirmation based on reputation. The goal is to minimize impact to legitimate users and websites while making clickjacking more difficult.

        I would also very much appreciate if you could add one more suggestion to the section about likejacking clean-up. If you've been likejacked, please select "Mark as Spam" when you remove the post so we can better find these sites.


  6. Tricky · 1670 days ago

    There is also another version going arround:

    GRAPHIC VIDEO.. Japans Tsunami Sends WHALE Smashing Into A Building!

    Just seen some people I know post it on thieir walls....

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley