Facebook Starbucks scam targeting mobile users

Free coffee 'promo' dupes mobile users into subscribing to premium rate services
Kerry Butters

November 21, 2011

One of the latest Facebook survey scams to pop up has also witnessed the launch of an email spamming campaign, both leading users to unwittingly sign up for premium rate mobile services.

In both forms, the scam appears to be a promotional offer from Starbucks. The user is offered a free coffee and when they click on the link contained in the mail or page, they are taken to a third-party site via a series of redirections in a new browser window.

The user is then asked to fill in a survey in order to claim their ‘prize’ and asked to enter their mobile number.

They are then subscribed to a number of services which make charges on their mobile account daily.

Whilst this type of scam is far from new, the offer seems quite innocuous when compared to others that offer high cost prizes such as an iPad, the latest mobile handset or free Breaking Dawn Part 2 tickets.

The scam particularly targets mobile users, and keywords used for the site include ringtones and polyphonic ringtones, designed to catch users through search also.

According to security experts at Trend Micro, the site itself has been in operation since 2008 and is registered under a company known to be used by cybercriminals.

The scam is similar to those seen flooding the Android market, except they rely on social engineering to trick users, rather than using malware. However, the result is the same – users end up with a large phone bill.

With the email version of this scam, users are also asked to share the link through both Facebook and Twitter, ensuring that it continues to remain rampant on social media platforms.

The email scam also points to a website that offers mobile apps, which then leads onto the survey site.

Facebook scams continue to remain prevalent on the site and last week many users were shocked to find their newsfeed filling up with pornographic and violent images.

It was later found that the spammed posts were a result of a scheme which tricked users into pasting a malicious script into their address bar.

Whilst Facebook came in for heavy criticism for the situation, they resolved it quickly and weren’t really at fault as, despite widespread reporting of such attacks, users continue to fall for social engineering tactics on a widespread basis.

Trend Micro say that this means the lures will continue to target gullible Facebook users who give in to the temptation of getting something for nothing.

Of course, they do end up getting something from the schemes – an unmanageable phone bill and in some cases, a malware infection to boot.

To protect against scams such as this, users should invest in high quality anti-virus protection that blocks known malicious sites and utilises link scanners.

It is also a good idea not to use a page that asks users to paste anything into the address bar and beware of offers that seem too good to be true, as they usually are.


Post a comment

Your email address will not be published. Required fields are marked *

Visited 3319 times, 1 so far today