First I would like to extend our sympathies to the people of Oslo after the tragic bombing in their city. We wish you well in your rescue efforts and hope you are able to apprehend those responsible for this attack.
Unfortunately within hours of the Norway bombing Facebook scammers have latched on to the news and are trying to take advantage of the Facebook communities interest in learning the details of what happened.
The message spreading across thousands of people’s walls on Facebook reads: “[URL] [Video] OSLO Security Camera Captures Blast! [Video] OSLO Security Camera Captures Blast!”.
Users tempted to click on the scam link will be redirected offsite to a page that appears to be on Facebook with a fake YouTube video player. The screen is grayed out until you agree to take survey to prove you are 18 years of age and click “Jaa”.
Fortunately Sophos customers are protected against this scam, and the hosts involved have been blocked since May 2011. Pro-active protection is key to a good defense.
If someone is tempted to fill out the survey they are presented with an IQ test. Upon completion they are asked to enter their mobile phone number and will be charged two dollars per trivia question SMS’d to them four times per week.
Keep your eye on the ball and expect these types of scams when tragedies are in the news. For the latest information on all things related to online security subscribe to the Naked Security RSS feed or follow us on Facebook.
4 comments on “Oslo bombing taken advantage of by Facebook scammers”
Both parties (hackers and victims) are guilty here:
Hackers: Using something EXTREMELY comparable to 9/11 OR 7/7 to mislead people of such; have hackers been dropping all their morals recently?!
Victims: Expressing INTEREST in the DESTRUCTION; how could you?!?!
This is madness.
I've been wondering… Why does almost every FB scam ask's you to click "Jaa" Even though the user might be from USA or someplace else.
Jaa is finnish for share i think
The reasoning is that people will not realize what Jaa is. If it asked them to hit share button they might put more thought into it. By using Jaa they can catch a few more people mindlessly clicking on buttons without thinking. The key to these scams is to trick as many people as you can. As such they will do anything they can to hide what is really happening from the user.