Yet Another Miley Cyrus Sex Tape Kicks Tagjacking Back into Shape; Authentication Tokens Snatched through ‘Copy/Paste Code’ Classic
A Facebook post made to resemble a breaking news announcement about a Miley Cyrus sex tape brings tagjacking back into the social scam spotlight.
The huge thumbnail propagating the scam displays a closeup of the singer, apparently in a state of rapture. The news crawler aims to hit it big with the leaked tape announcement by throwing in the “minor” detail of the “millions of men [having] called in sick after seeing it”. However, the fine print accompanying the shared image – “omg I lost all respect for her now”- is one of the classic lines of leaked sex tape scams and might prove counterproductive.
By clicking the image, users are taken to a web page where the video appears to be hosted.
When trying to play the clip, users are requested to first prove that they are not underage.
Here, again, we are dealing with the well-known, if not utterly obsolete, “copy/paste code” method whereby the scammer aims to steal the victim’s Facebook authentication token. This grants the scammer temporary access to the targeted Facebook account, including the victim’s list of friends.
To add boredom to injury, so to say, once you reach this stage you are invited into the much abused (by now) quiz maze, which kindly helps you waste a lot of time and, if willing, even money.
At the end of this unfruitful journey, those who have given in to temptation will see their deeds shamelessly exposed on their Timelines under the form of automatic posts in which all of their friends will be tagged. The stolen authentication tokens are put to excellent use and the scam circle can go round and round.
This article is based on the technical information provided courtesy of Steliana Goga, BitDefender Online Threats Analyst.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.