A video purportedly showing a gigantic snake swallowing a zookeeper is the latest viral scam on Facebook – tricking thousands of users into sharing a video which instead takes the viewer outside Facebook to a scam site.
The link, described as “heart-breaking footage”, according to veteran security-industry expert Graham Cluley’s report, instantly takes users outside Facebook, “Clicking on the link (which isn’t recommended) takes you to a third-party website which is pretending to be Facebook, complete with what appear to be comments from other users. However, if you try to watch the video you are told that you must share the link publicly before you are allowed to proceed.”
About.com’s Urban Legends page also warns against the link, saying, “What it’s designed to do, if you follow the instructions, is spam itself to the Facebook news feeds of everyone you know. It may also ask you to fill out a survey form, which, if you comply, is how the scammers make money. Worst-case scenario, it may download malicious software to your computer, potentially compromising your privacy and security..What it won’t do, ever, is show you the “shocking video” it lured you with in the first place.”
ESET researcher Stephen Cobb says, in a We Live Security Guide to such scams, “Can we trust our friends not to make questionable decisions on social media? Apparently not, because our friends might actually be scammers in disguise, or just not well-informed.”
As reported by We Live Security here, such scams can, in the worst case scenario, lead to tainted sites which infect users with malware. When Twitter accounts for two CBS shows, 60 Minutes and 48 hours, were compromised in April last year, they began to spam readers with links which AllThingsD reported to be tainted with malware. Such ‘clickjacking’ scams are used by activist groups, such as Syrian Electronic Army’s hijacking of news site E! Online’s Twitter feed to broadcast a Tweet saying, “Breaking! Justin Bieber – I’m a gay”.
About.com lists several previous “must-see” videos used to lure unwary Facebook users, such as ‘Huge Plane Crashes Into Bridge’, Shark Eats Man’ and ‘Will Smith Pronounced Dead,’ all of which are scams. A We Live Security guide to spotting scam links before that fatal click can be found here.
ESET researcher Stephen Cobb Cobb offers a detailed guide to spotting scams and hoaxes here. ESET’s Social Media Scanner is a free app which offers a quick, free way to check out if that news story on Facebook is true – or a scam.