Remember the advisory we put out last week about free Rolling Stones tickets?
It was a good old bait-and-switch campaign that draws you in with a promise of hard-to-get tickets to a Rolling Stones gig.
The "bait" was the Stones and the "switch" was that you couldn't proceed without Sharing the Facebook page that promoted the site - before you could even see what the site was all about.
Then you had to wait until ten of your friends had clicked through via your uniquely coded web link before you could join the supposed queue for free tickets.
Presumably the hope was that you'd try to urge along your friends to visit the site (perhaps Sharing it in turn), hoping they'd push you closer to your chance at a free ticket.
Well, as SophosLabs pointed out to us, these same scammers aren't just taking aim at grey-haired old rockers who like the Stones.
They're also after the grandchildren of Stones fans.
There's a matching scam, dished out from exactly the same server, offering free tickets to see teenage heart-throbs One Direction:
No disrespect to Mick, Keef, Charlie and Ronnie, but to get into line for 1D tickets, Directioners need to get fifteen clicks via their personalised web links, not just ten.
Quite how you return to check how many times your link has been clicked, however, is not clear.
If you visit it yourself, you just get a new "unique" link with a click count of zero.
But wait: there's more!
The children of Stones fans are in the sights of our band of scammers, too.
There's yet another structurally identical scam trying to suck in dance music fans by offering tickets to this year's Tomorrowland event in Belgium:
In all three scams, the websites state that your free tickets, should they actually exist, will take three to five business days to arrive.
The Stones and One Direction sites claim:
Since we are from the UK, the shipping time is different from country to country.
The Tomorrowland scam instead gives a nod to the event's host country, claiming that:
Since we are from Belgium, the shipping time is different from country to country.
But in a reminder of just how multi-jurisdictional cybercrime can be, the scams claiming a UK provenance have .com web addresses that resolve to a server in Switzerland, while the scam supposedly from Belgium has a .eu web address that is hosted on a server in the United States.
The registration details for the three domain names are all different: one lists an individual claiming to be in Germany; the other two shield the real registrants behind registration proxies in Panama and The Bahamas.
Nevertheless, the relationship between the scams is obvious, because they all seem to be driven by the same templating system; they all work in the same way; and two of them are hosted on the same server.
Fortunately, there's a simple way to beat them all: don't try, don't buy, don't reply.
Scams like this only work if you get involved.
Indeed, if you take anything more than a cursory look in this case, then you're actively recommending the scams to your friends.
And we urge all Rolling Stones fans, as responsible grandparents, to explain to their grandchildren why there aren't any free tickets at the end of scams like this.
Someone ends up paying - don't let it be you or anyone else in your family.
→ Sophos products block these scam pages, regardless of the URL, as Mal/FBScam-A.