Criminals are wasting no time in harnessing the undeniable impact of the news of Osama Bin Laden’s death to bait familiar old traps on Facebook.
I just got a call from, let’s call him “a concerned family member”, after he had been taken in by a Facebook “chat virus”.
The infection chain started with a chat message from a friend. The message read “watch the video of them killing osama bin laden live!” and was accompanied by a link. It began with the victim’s real name, giving it added credibility.
The link leads to a page that may look familiar to those of you who keep up with this sort of thing, but as my br… um… concerned family member can attest, it still fools the unwary.
The instructions on the page inform the unfortunate mark that in order to view the supposed execution video, they need to paste the “video code” into the address bar of the browser. This may seem an unusual request in the context of a blog post, but when the recommendation comes to you in a live chat message from a friend you know and trust, your spider senses may not be tingling quite so much.
But hey, there’s an old saying in Tennessee – I know it’s in Texas, it’s probably in Tennessee – that says, fool me once, shame on … shame on you. It fool me. We can’t get fooled again (with thanks to GWB)
What do we learn from this? I guess the simplest lesson is, if you receive an unsolicited link from someone, even someone you know, check with them first before you click. You never know, you could be doing them a favour and letting them know they have been duped. And NEVER paste ANYTHING that is not a URL into your browser address bar.
It is also worth noting that this is not the only Osama scam currently spreading on Facebook. I also spotted many iterations of a second attack that uses clickjacking in the form of a bogus CAPTCHA to fool users into posting the bait to their own walls.