Imagine that one of your Facebook friends recommends a link to you.
You click it, and you end up on some kind of hocus-pocus diet supplement scam page.
“More internet drivel,” you think, so you close the page, shrug and get on with your work.
No harm done, right?
Well, “Yes” and “No” – or, perhaps, “No” and “Yes.”
An Acai Berry scam
For example, here’s an Acai Berry scam we’ve seen a fair bit of over the past week.
You’ll actually see two successive postings on your Timeline.
There’s a not-quite-literate message, like the one below or similar:
successfully results in this particular health solution OMG Do you read this img ?!?! This cant be fake this is the strong methodd
Then there’s a follow-up post, as though your friend forgot the link from the previous posting and corrected themselves:
the link, hehe.. http://goo.gl/xxxxxx
You’d be right to be suspicious, at least if you know your friend is competent in English, because some of the the phrases stretch the limits of comprehensibility.
However, we’re guessing that there are two postings in order to add some kind of human-sounding realism.
After all, it’s reasonable to assume that automated bogus messages wouldn’t forget the link in the first place, and only humans would rush to correct their error with comments saying “hehe.”
The shortlinks used in this campaigns all seem to be goo.gl URLs, and they all seem to redirect to URLs that look something like this:
[hexdigits].my.test/[letters]/image_[hexdigits].jpeg
The linked-to pages are mocked-up BBC News articles, topped-and-tailed with stolen BBC content to make them look more realistic:
The articles, however, consist of a sales pitch for acai berry fruit juice:
You’ve probably seen lots of acai berry juice adverts in recent years.
We have no idea why spammers and scammers are in love with acai juice, apparently more than any other.
As far as we can tell, it is pretty similar in nutritional value to lots of other fruit juices, such as orange, apple, pomegranate and various other berries with names that are easier for Anglophones to say. (Acai is properly written açaí, and isn’t pronounced to rhyme with Akamai.)
Once again, you’d be right to be suspicious, because the claims made in the article are specious, and the product is wildly expensive. (£30 for a tiny vial of fruit juice extract!)
Indeed, if you click through to the buy page and check the very limited disclaimers and FAQs there, you’ll find that the product only helps you to lose weight if you combine it with a diet specifically designed to make you lose weight.
So, assuming that you spot the scam for what it is before you fill in your credit card number on the buy page, and bail out, you should be OK.
Don’t buy, don’t try, don’t reply
Having said that, the earlier you bail out, or get blocked by your web filtering product, the better:
• Clicking through needlessly gives away at least some information about you.
Someone who wants to sell you overpriced fruit juice under false pretences doesn’t have your best interests at heart, so sharing any browser-related data with them at all (e.g.browser type, location, language, operating system, possible cookies from previous visits) is best avoided.
• The web pages could change at any time, with the dodgy diet offers replaced with more directly malevolent content.
Here, we’re talking about exploit kits and drive-by installs, where booby-trapped content in a web page tries to trick your browser into downloading malware and installing it without asking.
Tell your friends
If you see your friends making posts like this, whether they’re on Facebook, another social media service, or even in plain old email, get in touch and let them know.
If crooks can login to their account to post bogus messages about shonky diet products, then those same crooks can probably do a lot worse, from sending out malware to identity theft.
→ Be careful of simply emailing them, or merely posting a reply and hoping they see it – if a crook controls their account, they’ll never see your warning. If they’re a real-world friend, consider giving them an old-fashioned ring on the telephone to let them know that their account might have been taken over by crooks to post scammy garbage.
What to do?
If one of your friends warns you that you are making out-of-character posts, please check the following:
- Is your computer patched and up-to-date? (Run Windows Update or visit the Update tab in the Apple App Store.)
- Is your anti-virus up-to-date and running properly? (If in doubt, try the free Sophos Virus Removal Tool.)
- Has someone else been logging into your accounts? (A password change may help.)
- Did you use the same password on multiple sites? (Don’t, and if you did, change them all now!)
- Have you authorised any apps to access your social media accounts? (This typically allows them to post content as you.)
Free Virus Removal Tool
The Sophos Free Virus Removal Tool works alongside your existing anti-virus to find and get rid of any threats lurking on your computer.
Download and run it, wait for it to grab the very latest updates from Sophos, and then let it scan through memory and your hard disk. If it finds any threats, you can click a button to clean them up.
