OFFICIAL SECURITY BLOG

Work at Home Scams: Leveraging Facebook’s Contact Lists For Better Results

May 31, 2013

More and more people are working from home these days for a variety of companies, big and small. This is cost-effective for firms, and remote workers enjoy the ability to work on their own with just a computer and an Internet connection. However, there is also an increasing number of work-at-home and get-rich-quick schemes (we blogged about them before), and some criminals are trying to maximize their return on investment by harvesting email addresses and contact lists from Facebook, as well as from email accounts, for more targeted attacks.

In this post, we will explore the business model and the techniques used that are making some individuals a lot of dirty money.

[Image: finance_reports]

Does the story above sound too good to be true? Just a bit, and yet this scam works really well.

The socio-economic factors:

During their lifetimes, many people will experience a hardship, lose their jobs, get critically ill or find themselves retired with a tight income, struggling to make ends meet. Wouldn’t it sound like a dream come true to be able to work from the comfort of your own home? While there is such a thing, the reality is that it just isn’t as easy as the “report” implies. But hopeful promises are like water in the desert, and need will drive many people to reach out for them. The crooks hammer the same hopeful message over and over again and use all sorts of tricks to reel in their next victim.

The e-marketing scam:

The pages are built in such a way that they catch your interest and keep you scrolling down for more. Not only that, but the offer is personalized based on your IP address, which again is meant to gain the person’s trust. Logos and even videos from news sites are inserted out of context and leveraged to give legitimacy to the offer.

[Image: logos]

What the crooks are trying to sell ranges from books to DVDs or other materials, all with many promises like “satisfaction guaranteed” and such.

[Image: save]

These offers are not only unrealistic but actually could take you down a very bad road. If you think you only lost a hundred dollars by investing in a scam like this, think again. Once the crooks have your name, phone number and credit card details they will try to get as much money from you as they possibly can. In some cases you will be solicited again for more products – or even worse, your private and banking information will be sold on the black market.

Going full circle:

Remember the website from the first picture? Its domain name is workingathomewithgoogle.com. It was registered through the CENTER OF UKRAINIAN INTERNET NAMES (note the country) to a certain Edward Johnson living in the U.S. (a fake identity, of course). Well, now consider the following known phishing website, reported on PhishTank, which steals Facebook credentials:

[Image: phish]

Guess who owns this phishing site? It turns out that this domain, fizibookzz.com, was also registered through the CENTER OF UKRAINIAN INTERNET NAMES by the very same “Edward Johnson”! It’s a reasonable bet that a person who engages in criminal phishing behavior on one of his sites is unlikely to be offering an honest business opportunity on another.
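The registrant pivot described above can be automated across a watchlist of domains. The following is an added example, not code from the original post: the WHOIS excerpts are constructed (only the two domain names, the registrar and the registrant name come from the article), and the third domain, its registrar and the field layout are hypothetical.

```python
import re
from collections import defaultdict

# Constructed WHOIS excerpts; real records vary in field labels and casing.
SAMPLE_WHOIS = {
    "workingathomewithgoogle.com": """\
Domain Name: WORKINGATHOMEWITHGOOGLE.COM
Registrar: CENTER OF UKRAINIAN INTERNET NAMES
Registrant Name: Edward Johnson
""",
    "fizibookzz.com": """\
domain name: fizibookzz.com
Sponsoring Registrar:  Center of Ukrainian Internet Names
registrant name:   EDWARD  JOHNSON
""",
    "unrelated-example.test": """\
Registrar: Example Registrar LLC
Registrant Name: REDACTED FOR PRIVACY
""",
}

FIELDS = {
    "registrar": re.compile(r"^\s*(?:sponsoring\s+)?registrar\s*:\s*(.+)$", re.I | re.M),
    "registrant": re.compile(r"^\s*registrant(?:\s+name)?\s*:\s*(.+)$", re.I | re.M),
}
# Privacy-service values are shared by thousands of unrelated domains,
# so they must never be used as a linking key.
PLACEHOLDERS = ("redacted", "privacy", "proxy", "whoisguard")

def normalize(value):
    """Lower-case and collapse whitespace so cosmetic differences do not split a cluster."""
    return " ".join(value.lower().split())

def whois_key(text):
    """Return (registrar, registrant), or None if a field is missing or privacy-masked."""
    m = {name: rx.search(text) for name, rx in FIELDS.items()}
    if not all(m.values()):
        return None
    registrar, registrant = (normalize(m[f].group(1)) for f in ("registrar", "registrant"))
    if any(p in registrant for p in PLACEHOLDERS):
        return None
    return registrar, registrant

def cluster(records):
    """Group domains that share both registrar and registrant name."""
    groups = defaultdict(list)
    for domain, text in records.items():
        key = whois_key(text)
        if key:
            groups[key].append(domain)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}
```

A shared registrar and registrant name is a lead for further investigation rather than proof of common ownership, which is why the post itself calls the link "a reasonable bet".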

And guess what happens when the bad guys have your username and password? Well, they spread the scam to your family and friends by posting it on your wall, emailing it to them directly, etc.

[Image: fb]

Other “campaign” methods include hacking Twitter accounts and tweeting away:

[Image: twit]

All in all, there are entire groups of individuals (most likely from Eastern Europe or India) running these scams and registering these fake sites (which, for the most part, are hosted in the U.S.) under false names, hiding behind proxies, and so on. It’s safe to assume these people also belong to affiliate networks and take part in other illegal activities.

To conclude this post, I thought I would show something quite ironic that I came across during this research. We all know about those infamous Nigerian scams, in which a king in exile supposedly really needs your help to transfer his gold/diamonds out of the country and offers to share half of it with you. Well, guess what? Nigerian crooks don’t just export their scams to the rest of the world. Scams are also used to target Nigerians themselves:

[Image: nigeria]

[Image: pay]

I guess there is just no hope when scammers scam their own people, is there? But I have to admit, the idea of a classic Nigerian scam making the rounds in Nigeria is quite funny…

Other than the phishing pages, we also see many Facebook contact requests sent for the sole purpose of getting your “friends” list and spamming the people on it.

So you should pay attention when you receive a new contact request, as it may turn out to be a spam bot or some other less-than-desirable “friend” to have. It is obvious that targeted spam campaigns or scams that reach you through people you know achieve better results for the crooks who perpetrate them because trust is already established.


  • http://www.facebook.com/cooperkj Karen Cooper

    I appreciate the article and the work you are doing to fight malware, scams, and general dishonesty. I do, however, wish to point out that not ALL “work at homes” are scams. There are many legitimate work at home jobs out there, with many well known companies. I myself have posted on Facebook about some of them, trying to encourage others to find the freedom I have found from working at home. The ads you posted as examples are so obviously scams, I feel sorry for the people that fall for them, and then “work at homes” get a bad rap. However, American Express, U-Haul, and many others regularly hire people to work for them out of their homes. It’s just a shame, when trying to point out the scams, and the bad, that no consideration is given to the legitimate, good jobs out there, thereby giving a bad name to the whole industry.

  • Jerome Segura

    Hi Karen,

    I totally agree with what you’re saying, as I am in fact also working remotely. I think even though the article paints a negative picture, at the end of the day the goal is to warn people about those scams which are far too common. Those people actually working from home for legit companies will know how to tell the difference.
