Pictures of Osama Bin Laden phishing attack hits Twitter users

Phishers are once again on the prowl for unsuspecting Twitter users, tempting their prey with the promise of pictures of Osama Bin Laden.

Pictures of Osama Bin Laden

Pictures of Osama Bin Laden [LINK]

Some of the accounts had earlier posted a similar message (complete with some rather sloppy spelling):

Pics of Osama Bin Laden Are Finally Released! [LINK] ::wanring very gorry::

Clicking on the links takes you to what appears to be the normal Twitter login page.

Fake Twitter login page

Would you enter your username and password at this point?

Take a close look at the URL before you make that decision.

Pictures of Osama Bin Laden phishing url

Hopefully you notice that it’s not the real Twitter URL – it’s a phishing site set up to steal your username and password.

If you make the mistake of entering your username and password then you will be handing over the keys to your account to phishers, who would then be able to use your account to read your private messages and send messages (perhaps spam-related or containing malicious links) to your followers.

Worst of all, if you’re one of those people who uses the same password elsewhere on the internet – you’ve now told the cybercriminals how to access, for example, your Gmail, Hotmail or PayPal accounts as well.

If you found your Twitter account was one of those sending out the phishing messages, or if you made the mistake of entering your username and password, then you must change your password as soon as possible.

Don’t just change it on Twitter: also make sure you’re not using the same password anywhere else on the net. You have to consider that password compromised.

There’s some other house-cleaning you should do on your Twitter account too. Visit the Applications tab in “Account Settings”, and revoke access for any third-party application that you don’t recognise.

Follow me on Twitter at @gcluley if you want to keep up-to-speed with the latest threats, and learn how to protect yourself.


Osama bin Laden leaked video scam rises again on Facebook

A new version of the various Facebook scams we have seen since the death of Osama bin Laden has emerged.

Naked Security reader Sampath sent us a tip-off about the latest variation he had seen of a viral scam that poses as a video of the killing of Osama bin Laden:

Osama killing real video leaked

OSAMA KILLING REAL VIDEO LEAKED
OMG! real video of Osama Bin Laden being killed. Video leaked by wikileaks. Watch it before it get deleted.

A link in the message may, at first glance, appear to point to the YouTube website but in fact points to a similar-looking Indian domain name ending in “.in”.
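Both the fake Twitter login page and this YouTube lookalike rely on a familiar name appearing somewhere in the link. The check below is an added example, not part of the original article: it parses a link and accepts it only when the host itself is the trusted domain or a true subdomain of it. The function name `checkLink` and all sample links are constructed for illustration.

```javascript
// Added example: does this link's host really belong to the site it imitates?
function checkLink(link, trustedDomain) {
  let url;
  try {
    url = new URL(link); // WHATWG parser: lower-cases the host, punycodes IDNs
  } catch {
    return { ok: false, reason: "not a parseable absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // "https://twitter.com@other.example/" puts the familiar name in the
  // userinfo part; the browser actually connects to other.example.
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo before the real host " + url.hostname };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  // Exact match or a true subdomain. The leading dot stops a longer name that
  // merely ends in the trusted string from matching.
  if (host === trustedDomain || host.endsWith("." + trustedDomain)) {
    return { ok: true, reason: "host is " + host };
  }
  if (host.includes(trustedDomain.split(".")[0])) {
    return { ok: false, reason: "lookalike: brand name inside " + host };
  }
  return { ok: false, reason: "unrelated host " + host };
}

// Constructed sample links (reserved .example names, not the scam URLs).
const samples = [
  ["https://twitter.com/login", "twitter.com"],
  ["https://mobile.twitter.com/session/new", "twitter.com"],
  ["https://twitter.com.login-check.example/login", "twitter.com"],
  ["https://twitter.com@login-check.example/login", "twitter.com"],
  ["https://youtube.in.example/watch?v=1", "youtube.com"],
  ["http://twitter.com/login", "twitter.com"],
];
for (const [link, domain] of samples) {
  const { ok, reason } = checkLink(link, domain);
  console.log((ok ? "OK    " : "REJECT") + " " + link + " -> " + reason);
}
```

Only the first two samples pass; the rest are rejected with the reason printed beside them.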

If you make the mistake of clicking on the link you are taken to a third-party webpage, which poses as a security verification check from YouTube.

CAPTCHA request

Quite why anyone would imagine that typing in the words “real video” is any form of security verification is beyond me.

But what’s happening here is that when you submit the so-called CAPTCHA text you are unwittingly publishing the message to your own Facebook wall. This spreads the message virally to your Facebook friends, and helps spread the scam further on behalf of the bad guys.

The scammers make their money by tricking you into taking an online survey. They earn commission for each person they manage to get to complete it, and you might be the sort of person who is tempted to answer the questionnaire in the belief that you’ll get to see a video of Osama bin Laden being killed.

Survey scam

Remember – the real YouTube would never ask you to complete an online survey before watching a video, and scams like this are rife across Facebook. As long as Facebook users keep falling for scams like this, they’ll carry on being a problem.

At the time of writing, this latest iteration of the Osama bin Laden Facebook scam appears to have been eradicated. But I wonder how long before a new variant arises?

If you use Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 80,000 people.

Osama Shoot down video scam spreads on Facebook

Facebook users are being tempted to click on links to what purports to be a video of Osama bin Laden being shot, in the latest scam to exploit the hot news story of the Al Qaeda leader’s death.

The messages appear as follows:

Osama shoot down video

Watch the Osama Shoot down video

Osama Dead - Censored Video Leaked
on.fb.me
Osama is dead, watch this exclusive CNN video which was censored by Obama Administration due to level of violence, a must watch. Leaked by Wikileaks.

Clicking on the link, however, will not instantly show you some sensational footage of US Navy Seals attacking Osama bin Laden’s compound in Pakistan.

Instead, you’re told you will have to take an online survey.

Osama shoot down video scam

That should be enough to set your alarm bells ringing – as survey scams are a persisting problem on Facebook, earning scammers commission with every survey they manage to trick users into completing.

What’s most interesting about this scam is that they trick you into cutting-and-pasting a line of JavaScript into your web browser’s address bar.

Not that you’ll realise that you’re doing that, of course. As far as you know all you’re doing is following a sequence of instructions and keyboard presses before you watch the video.

Osama shoot down video scam

But any time you paste a script into your browser’s address bar, you’re effectively running code written by the scammers without the safety net of protection.

Script
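One way a text field or message filter could defuse pasted text of this kind, shown as an added example that is not from the original article: it strips a leading `javascript:` scheme even when it is disguised with mixed case, leading spaces, or embedded tabs and newlines, which URL parsers discard before reading the scheme. The function names and sample strings are constructed for illustration.

```javascript
// Added example: neutralise pasted text that would be treated as a script URL.

// Returns how many characters of `text` make up a leading "javascript:"
// scheme, or 0 if there is none. Mirrors URL-parser clean-up: leading
// control characters and spaces are trimmed, and tabs and newlines are
// dropped wherever they appear, so "Java\nScript:" still counts.
function scriptSchemeLength(text) {
  const target = "javascript:";
  let matched = 0;
  for (let i = 0; i < text.length; i++) {
    const ch = text[i];
    if (ch === "\t" || ch === "\n" || ch === "\r") continue;
    if (matched === 0 && ch.charCodeAt(0) <= 0x20) continue;
    if (ch.toLowerCase() !== target[matched]) return 0;
    matched++;
    if (matched === target.length) return i + 1;
  }
  return 0;
}

// Strip the scheme repeatedly so "javascript:javascript:..." cannot leave
// a working script URL behind after a single pass.
function neutralisePaste(text) {
  let rest = text;
  let strippedSchemes = 0;
  let n;
  while ((n = scriptSchemeLength(rest)) > 0) {
    rest = rest.slice(n);
    strippedSchemes++;
  }
  return { text: rest, strippedSchemes };
}

// Constructed sample pastes; the payloads are harmless placeholders.
const pastes = [
  "https://www.youtube.com/watch?v=abc",
  "javascript:placeholder()",
  " \tJava\nScript:javascript:placeholder()",
];
for (const p of pastes) {
  console.log(JSON.stringify(p), "->", JSON.stringify(neutralisePaste(p)));
}
```

A plain `startsWith("javascript:")` test would miss the third sample, which is why the check skips the same characters the URL parser does.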

Before you know it, you’ll be sharing the news of the “Osama Shoot down video” with all of your Facebook friends, and the scam will be spreading virally.

My guess is that you don’t want to make it so easy for the scammers to run their scripts on your browser – so don’t fall for scams like this.

Be very careful not to be fooled by scams related to Osama Bin Laden’s death, not just on Facebook but on other parts of the internet too. Such a big news story always seems to attract the interest of fraudsters and malware authors.

If you want to keep up-to-date on the latest scams, and are a member of Facebook, don’t forget to join the Sophos Facebook page to keep informed about the latest security news.