Lady Gaga is still not dead – stop falling for Facebook scams

This weekend we saw another spate of Facebook messages claiming to link to a BBC News report of the death of Lady Gaga.

Of course, the claims are untrue – and Lady Gaga is still alive.

But that isn’t stopping Facebook scammers from creating money-making websites that claim that the eccentric pop star has been found dead in her hotel room, and tricking Facebook users into sharing the links.

Lady Gaga is dead? Facebook scam

BREAKING: Lady Gaga Found Dead in Hotel Room 🙁 mjide35w
[LINK]
This is the most awful day in US history

You would think that the scammers would show a little more imagination – rather than using the same disguises time and time again. But, hey, if the scam is working for them – why change it?

Clicking on the link will take you to a third-party website, posing as a BBC News online report, which attempts to trick you into clicking on what appears to be a video thumbnail.

Lady Gaga is dead? Facebook scam

In the above screenshot you can see that Sophos Anti-Virus (in this case, our free anti-virus for Mac users) has correctly warned about the webpage and prevented you from being clickjacked.

We’ve seen scams very much like this, many times before.

Facebook could do a much better job, in my opinion, at helping users avoid falling for tricks like this and at cleaning up a lot of the mischievous pages and dangerous links on its network.

For instance, a quick search of “Lady Gaga dead” finds a number of Facebook pages attempting to spread the rumour of the artist’s demise.

Lady Gaga is dead? Facebook scam

Some of these have clearly been created with a scam in mind, like the following clickjacking example:

Lady Gaga is dead? Facebook scam

Watch out if you try to play the video as this is a clickjacking scam which attempts to silently say you “Like” the page when you click with your mouse.

If you’ve been hit by scams like this, remove the messages and likes from your Facebook page – and warn your friends not to click on the offending links. Clearly, Facebook needs to work much harder to prevent attacks like this from reoccurring and spreading so rapidly.

If you’re a Facebook user and want to keep up on the latest threats and security news I would recommend you join the Sophos Facebook page – where more than 100,000 people regularly discuss the latest attacks.


Lady Gaga found dead in hotel room? Beware Facebook clickjacking scam

Has Lady Gaga really been found dead in a hotel room? A scam which has spread rapidly across Facebook would certainly like you to think so.

Here’s an example of a message that is being seen spreading virally on Facebook, posing as a link to a BBC TV News report.

Lady Gaga found dead in hotel room

BREAKING: Lady Gaga Found Dead in Hotel Room
This is the most awful day in US history

Wow. I mean, yes, it would be tragic if Lady Gaga were to die, but.. seriously.. “the most awful day in US history”?

Anyway, if you are tricked into clicking on the link you are taken ultimately (via a website which sloppily allows an open redirect) to a webpage that pretends to contain a BBC News video report:

Fake BBC website

Watch out, though, if you try to play the video as this is a clickjacking scam which attempts to silently say you “Like” the page when you click with your mouse.

Users who have installed a browser add-on such as NoScript for Firefox will see a message warning them of the peril of being clickjacked.

Clickjacking intercepted by NoScript

If you’ve been hit by a scam like this, remove the messages and likes from your Facebook page – and warn your friends not to click on the offending links. Clearly there’s much more work which needs to be done by Facebook to prevent these sorts of messages spreading so rapidly.

If you’re a Facebook user and want to keep up on the latest threats and security news I would recommend you join the Sophos Facebook page – where more than 100,000 people regularly discuss the latest attacks.

You could also do a lot worse than check out our best practices for better privacy and security on Facebook guide.

Update: A very similar scam has spread across Facebook claiming that Lil Wayne, rather than Lady Gaga, has died. Messages in that campaign include:

BBC News: 2 Rappers Died, L1L Wayne Near Death in Car Crash [VIDE0]

and

BREAKING: Lil Wayne Nearly Dies In FATAL Car Crash! [VIDE0]
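The digit-for-letter swaps in these messages ("L1L", "VIDE0") are the kind of variation that slips past exact-string filters. The following is an added example, not code from the original post or from Sophos: a small triage filter that folds such swaps back to letters before looking for the lure wording. The look-alike mapping, the signal names and the two-signal threshold are assumptions, and the last sample message is constructed.

```python
import re

# Digits commonly swapped for look-alike letters to dodge exact-string filters
# (assumed mapping; extend it as new variants appear).
LOOKALIKES = str.maketrans("013457", "oieast")

# Lure wording taken from the Facebook messages quoted in this article.
SIGNALS = {
    "urgency": re.compile(r"\bbreaking\b"),
    "shock": re.compile(r"\b(found dead|died|dies|near death|fatal)\b"),
    "video_bait": re.compile(r"\bvideo\b"),
    "news_brand": re.compile(r"\bbbc news\b"),
}


def normalise(text):
    """Lower-case, fold look-alike digits to letters, collapse whitespace."""
    return re.sub(r"\s+", " ", text.lower().translate(LOOKALIKES)).strip()


def lure_signals(text, fold=True):
    """Return the set of lure signals present in one post."""
    candidate = normalise(text) if fold else text.lower()
    return {name for name, rx in SIGNALS.items() if rx.search(candidate)}


def is_suspect(text):
    """Triage rule (assumed): two or more distinct lure signals in one message."""
    return len(lure_signals(text)) >= 2


# Messages quoted in the article, plus one constructed benign post.
SAMPLES = [
    "BREAKING: Lady Gaga Found Dead in Hotel Room",
    "BBC News: 2 Rappers Died, L1L Wayne Near Death in Car Crash [VIDE0]",
    "BREAKING: Lil Wayne Nearly Dies In FATAL Car Crash! [VIDE0]",
    "Loving the new Lady Gaga video, on repeat all day",  # constructed, benign
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(is_suspect(msg), sorted(lure_signals(msg)), "|", msg)
```

A match is a reason to hold the post for review, not proof of a scam; a genuine breaking-news post with a video would trip the same rule.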

Lord Gaga video banned? Twitter rogue app spread by scammers

Lord Voldemort and Lady Gaga

Scammers are seeding an attack against Twitter users, posing as a banned video of “Lord Gaga” in an attempt to compromise accounts.

Using a selection of newly created Twitter accounts, which have the names and avatars of young women, the tweeted-out messages all look similar:

#pssst Lord Gaga VIDEO BANNED -----> [LINK] #onethingiveneverdone #cnn

Lord Gaga banned video tweets

The mention of “Lord Gaga” refers to a running joke on Twitter today, about what would happen if Harry Potter villain Lord Voldemort and Lady Gaga hooked up. The hashtags, which can vary, appear to be taken from Twitter’s trending topics in an attempt to reach a wider audience.

Interestingly, in the above screenshot all of the Twitter profiles used to seed the scam campaign have adopted the names of women beginning with the letter “B”: Bianca, Berenice, Betania, and so forth..

It has been no surprise while writing this article to find that the scammers have now run out of “B” names and have moved onto female names beginning with the letter “C”..

These aren’t your usual Twitter profiles, and as can be seen in the example below, appear to be newly created specifically for the purposes of spreading the link.

Twitter attack seeder

What makes the profiles even more suspicious is that the only messages they have tweeted out so far have all been to the same place – a fake YouTube site, which pretends to host the banned video.

Lord Gaga video

Twitter’s security team would be wise to shut down the bogus profiles as soon as possible, before the attack spreads further, because rather than playing a music video, clicking on the player will attempt to trick users into giving a rogue application the rights to access their Twitter account.
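The traits described above (newly created profiles whose only tweets all point to the same place) can be turned into a simple clustering check. This is an added example, not code from the original post or from Twitter: it assumes shortened links have already been expanded to their final destination, and the thresholds, handles, dates and `.example` hosts are all constructed.

```python
from collections import defaultdict
from datetime import date
from urllib.parse import urlsplit

MAX_AGE_DAYS = 7   # assumed cut-off for "newly created"
MIN_CLUSTER = 3    # assumed number of accounts sharing a destination before alerting


def seeder_candidates(accounts, tweets, today):
    """New accounts whose every tweet carries a link to one and the same host."""
    hosts = defaultdict(list)
    for handle, url in tweets:
        hosts[handle].append(urlsplit(url).hostname if url else None)
    found = {}
    for handle, created in accounts.items():
        seen = hosts.get(handle, [])
        is_new = (today - created).days <= MAX_AGE_DAYS
        if is_new and seen and None not in seen and len(set(seen)) == 1:
            found[handle] = seen[0]
    return found


def seeding_clusters(accounts, tweets, today):
    """Group candidates by destination host; keep hosts pushed by MIN_CLUSTER+ accounts."""
    by_host = defaultdict(list)
    for handle, host in seeder_candidates(accounts, tweets, today).items():
        by_host[host].append(handle)
    return {h: sorted(a) for h, a in by_host.items() if len(a) >= MIN_CLUSTER}


# Constructed sample data: handles, dates and .example hosts are made up.
TODAY = date(2024, 1, 10)
ACCOUNTS = {
    "bianca_b": date(2024, 1, 9), "berenice_b": date(2024, 1, 9),
    "betania_b": date(2024, 1, 10), "longtime_fan": date(2021, 3, 2),
    "new_but_chatty": date(2024, 1, 8),
}
TWEETS = [  # (handle, expanded link or None for a tweet without a link)
    ("bianca_b", "http://video-host.example/watch"),
    ("bianca_b", "http://video-host.example/watch"),
    ("berenice_b", "http://video-host.example/watch"),
    ("betania_b", "http://video-host.example/watch"),
    ("longtime_fan", "http://video-host.example/watch"),  # old account, one repost
    ("new_but_chatty", None),
    ("new_but_chatty", "http://news.example/story"),
]

if __name__ == "__main__":
    print(seeding_clusters(ACCOUNTS, TWEETS, TODAY))
```

The old account that reposted the link is left out of the cluster: it is more likely a victim whose account was used to post the message than one of the seeding profiles.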

Would you authorise this Twitter app?

An app called “money works new” hardly sounds like it would be connected to a music video, and you would be wise not to give it access to your account. But, as we’ve seen in the past, Twitter users can be tricked by such an attack into making poor decisions.

Indeed, even Lady Gaga herself appears to have recently fallen foul of such a scam on Twitter.

If you do make the mistake of authorizing the app, the scammers won’t waste any time posting the same message from your account – hoping to entrap more victims.

Rogue app victim on Twitter

If you were unfortunate enough to grant a rogue application access to your Twitter account, revoke its rights immediately by going to the Twitter website and visiting Settings/Connections and revoking the offending app’s rights.

Revoke app on Twitter

Don’t make it easy for scammers to make money in this way, and always exercise caution about which third party apps you allow to connect with your social networking accounts.

If you’re on Twitter and want to learn more about threats, be sure to follow Naked Security’s team of writers.

Banned Lady Gaga video attack spreads on Twitter via rogue app

Watch out for tweets about a banned Lady Gaga video, currently spreading across the Twitter network.

The tweets are being posted by rogue applications that users are allowing to access their profiles in the belief that they will get to view a prohibited video of Lady Gaga.

Tweet promoting banned Lady Gaga video

VIDEO PROHIBIDO LADY GAGA banned [LINK] @shakira @ladygaga como ganar dinero facil

(Please note that the precise wording can vary)

If you make the mistake of clicking on the link you are taken to a fake YouTube webpage.

Fake YouTube page

Of course, you believe that you’re going to watch a banned video of Lady Gaga so you might very well click on the play button.

Doing so, however, asks you to grant permission to a third party app which wants to connect with your Twitter account.

Rogue Twitter application

Don’t, whatever you do, give it permission to continue. Because if you do, your account can now be accessed by third parties – who will be able to post messages in your name to all of your followers.

Hopefully the fact that the messages we have seen so far have all been in Spanish may reduce the impact of this particular attack.

Interestingly, it seems that Lady Gaga herself has been having trouble with these Twitter hackers.

The eccentric songstress, who has more followers on Twitter than anyone else in the world, posted a message yesterday saying:

Whoever is hacking my Twitter must answer to 10 million monsters and Twitter police. #Don'tMakeMeCallTheApostles


Although the singer quickly deleted the rogue tweets that had upset her so much from her page, I was able to discover them cached elsewhere on the net:

TAROT de shakira [LINK] clarividente de @shakira #horoscopo ganar dinero navegando

and

VIDEO PROHIBIDO LADY GAGA @ladygaga [LINK] ganar dinero navegando

The bit.ly links used in the messages posted to Lady Gaga’s Twitter page linked to the same fake YouTube page, and were created by the same person who appears to be behind the rogue application attack.

Lady Gaga

Is it possible that Lady Gaga, or the staff who manage her Twitter account, fell for the scam themselves? And that’s why the rogue message appeared on Lady Gaga’s Twitter page?

Lady Gaga has over 9.6 million followers on Twitter, making her the most popular person on the network (yes, beating even Justin Bieber..) and a prize goal for any scammer who wants their scammy spammy links to be spread to as wide an audience as possible.

If you were unfortunate enough to grant a rogue application access to your Twitter account, revoke its rights immediately by going to the Twitter website and visiting Settings/Connections and revoking the offending app’s rights.

Don’t make it easy for scammers to make money in this way, and always exercise caution about which third party apps you allow to connect with your social networking accounts.
