“Breaking News” message being pushed out across Facebook claims that a salacious video of Miley Cyrus has been leaked on the Internet and invites users to click a link to view the footage.
The message is a scam designed to trick users into handing access to their Facebook accounts to cybercrooks and participating in bogus online surveys. Regardless of how many surveys they fill out, victims will never see the supposed video. And, the compromised Facebook accounts will be used to flood Facebook with even more scam messages.
A message purporting to be “Breaking news” about actress and singer Miley Cyrus is currently being spammed out across Facebook. The messages claim that a compromising Miley Cyrus video has been leaked on the Internet and that millions of men have called in sick after viewing it. A link included in the message invites viewers to watch the supposed tape.
However, the message is a criminal ruse that attempts to trick users into providing scammers with access to their Facebook accounts before enticing them into participating in bogus online surveys. Those who fall for the ruse and click the link in the hope of seeing the tape will be taken to a page that displays what appears to be a typical video player:
Those who proceed to click the “Play” button will next be taken to a page that claims they must verify their age before proceeding. The page instructs users to copy a “verification” code from the Facebook account address bar and then paste it into the field provided on the fake page:
But, by pasting in the “verification” code, the hapless user is, in fact, giving the scammers access to his or her Facebook account.
BidDefender’s HotforSecurity blog explains that the “verification code” is actually the victim’s Facebook authentication token, which can then be used by the criminals to temporarily hijack the Facebook account. The hijacked accounts will then be used to automatically blast out more scam messages just like the one shown above.
Meanwhile, after engaging in the utterly bogus age verification process, victims will be moved forward into a typical survey scam. They will be told they must complete a survey or offer before finally seeing the video.
Some of the “survey” pages ask users to provide personal information including name, address and contact details, ostensibly to allow them to go into the draw for a prize.
Others invite them to download dubious toolbars, games or software.
Still others will claim that users must provide their mobile phone number – thereby subscribing to absurdly expensive text messaging services – in order to get the results of a survey or go in the running for a prize.
Alas, no matter how many surveys they complete, they will never get to see the promised Miley Cyrus video they have been so anticipating. And, embarrassingly for the victims, all of their Facebook friends will be tagged in the scam messages blasted out by their accounts and know exactly what they were clicking on.
Miley and other celebrities have been used as bait in many similar spam attacks in the past. Be wary of any message that claims that you can read breaking news or see salacious video footage of a celebrity by clicking a link in an email or social media post. This is a common scammer ruse.