Oslo bombing taken advantage of by Facebook scammers

Filed Under: Facebook, Privacy, Social networks, Spam

First I would like to extend our sympathies to the people of Oslo after the tragic bombing in their city. We wish you well in your rescue efforts and hope you are able to apprehend those responsible for this attack.

Unfortunately within hours of the Norway bombing Facebook scammers have latched on to the news and are trying to take advantage of the Facebook communities interest in learning the details of what happened.

The message spreading across thousands of people's walls on Facebook reads: "[URL] [Video] OSLO Security Camera Captures Blast! [Video] OSLO Security Camera Captures Blast!".

Facebook scam on Oslo bombing

Users tempted to click on the scam link will be redirected offsite to a page that appears to be on Facebook with a fake YouTube video player. The screen is grayed out until you agree to take survey to prove you are 18 years of age and click "Jaa".

Facebook Oslo scam survey popup

Fortunately Sophos customers are protected against this scam, and the hosts involved have been blocked since May 2011. Pro-active protection is key to a good defense.

Sophos block page

If someone is tempted to fill out the survey they are presented with an IQ test. Upon completion they are asked to enter their mobile phone number and will be charged two dollars per trivia question SMS'd to them four times per week.

Keep your eye on the ball and expect these types of scams when tragedies are in the news. For the latest information on all things related to online security subscribe to the Naked Security RSS feed or follow us on Facebook.

, , , ,

You might like

4 Responses to Oslo bombing taken advantage of by Facebook scammers

  1. WippyM · 1502 days ago

    Both parties (hackers and victims) are guilty here:

    Hackers: Using something EXTREMELY comparable to 9/11 OR 7/7 to mislead people of such; have hackers been dropping all their morals recently?!
    Victims: Expressing INTEREST in the DESTRUCTION; how could you?!?!

    This is madness.

  2. Mongertaja · 1501 days ago

    I've been wondering... Why does almost every FB scam ask's you to click "Jaa" Even though the user might be from USA or someplace else.

    • RmD · 1500 days ago

      Jaa is finnish for share i think

    • Machin Shin · 1500 days ago

      The reasoning is that people will not realize what Jaa is. If it asked them to hit share button they might put more thought into it. By using Jaa they can catch a few more people mindlessly clicking on buttons without thinking. The key to these scams is to trick as many people as you can. As such they will do anything they can to hide what is really happening from the user.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.