Thursday, 1 September 2011

We have moved!

Hey guys just to let you all know that we have now integrated our blog onto our website -

You can now read it here -

Hope to see you there :)

Tuesday, 5 July 2011

Same Rumours, Different Day

The only thing more perplexing than the reasons why Facebook hoaxers constantly conjure up silly, time-wasting rumours to spread across the social networking site is the curious viral success their unoriginal drivel seems to enjoy. It seems the same moronic, illogical nonsense circulates every few weeks across sites like Facebook, MySpace and Twitter, only slightly repackaged, which apparently is enough to fool everyone. All over again.

Take, for example, a classic such as the rumours purporting a soon-to-be-introduced charge for using Facebook, of which several hundred variants have circulated over the years, the most recent being in the last few days. Common sense would, or should, immediately dismiss these rumours as fabricated garbage, since you don’t need a business degree to figure out that Facebook’s business model, which relies almost entirely on marketing the information it gains from its epic user base, would fail if a mandatory charge was introduced, especially with 101 other free-to-use social networking sites lurking around the corner looking to grab Facebook’s global number 2 spot. If that isn’t enough, the first several rumours purporting a charge for Facebook have all inevitably proven untrue, with their proposed dates having been and gone some time ago. Yet new messages are born, preaching the same nonsense but with different words and different dates, and the social networking collective tremble in fear once again because hey… didn’t we mention? … different words and different dates!

Its official. signal at 12:20 it even passed on tv. Facebook will start charging this summer.If you copy this on your wall your icon will turn blue and facebook will be free for you. Please pass this message if not your count will be deleted. p.s, this is serious the icon turns blue, So please put this as your status!

This latest version claims Facebook will start charging in the summer, but if you copy and paste a message to your status, your account will remain free. An insult to intelligence, but this latest variation has fooled many, many thousands.

It begs the question – why are we so slow to pick up on digital nonsense? If someone told you that Brussels sprouts do actually make you stronger, you’d engage the brain and realise that it wasn’t really true. If you weren’t particularly smart, you’d eat lots of sprouts and soon come to the same conclusion. In the real world, such a rumour, or myth even, is easy to dismiss, but we’re failing with the digital counterparts, on both counts – we’re not engaging the brain, and we’re not learning from the past. We are blindly circulating the same regurgitated rubbish over and over, panicked and bewildered, muttering extremities yet not mulling it over even long enough to realise we’re actually making fools out of ourselves and the crap we’re circulating is essentially saying - without a hint of sarcasm, mockery or cynicism - “Eating sprouts will make you as strong as Popeye.”

 They really won’t.

Monday, 16 May 2011

New Viral SPAM Messages Hit Facebook

Facebook users should be aware of a slew of viral messages circulating the social networking site as a result of a gaping security flaw on Facebook’s behalf concerning their platform on the iPhone.

Scammers have managed to concoct a way of fooling Facebook users into pasting JavaScript code into their URL address bar. This not only causes them to post messages onto the walls of their Facebook contacts, but the messages also contain extra options at the end of the post which are fully customisable by the scammer.

Avid Facebook users will be aware that at the end of messages posted on their walls are the familiar options such as “Like”, “Comment” or “See Friendship”. What makes these viral scam posts different and more dangerous is that an extra option is appended as well, that – from what we can see – can say virtually anything, meaning such posts look much more legitimate, and this factor is certainly what is making such posts incredibly successful at circulating the social networking site. See the image below -

The posts are varying, but the extra option at the end of the posted message will direct users either to external websites or to Facebook Pages that contain a variety of scams. Most prolifically, these scams are requesting Facebook users copy and paste a handful of lines of JavaScript code into their URL address bar which is extremely dangerous and also causes the Facebook user to post the same message to all their Facebook friends, thus helping the scam messages propagate virally.

At this time, the security flaw is only affecting iPhone users since all offending posts have derived from an iPhone user, yet with more and more Facebook users turning to their friends to social network, this is still potentially affecting millions of users. Scammers have already used a diverse array of messages, including these –

OMG! Its unbeliveable now you can get to know who views your facebook profile.. i can see my top profile visitors and i am so shocked that my EX is still creeping my profile every hour. click below

Facebook now has a dislike button! Click Enable Dislike Button to turn on the new feature!

F**k you fa**ot. Go kill yourself. Vote for Nicole Santos. I hate you and the only way to remove all these posts is by disabling this below.

Please do your part in PREVENTING SPAM by VERIFYING YOUR ACCOUNT. Click VERIFY MY ACCOUNT right next to the comment below to begin the verification process....

What is more concerning perhaps is that these messages started circulating more than a week ago, yet identical threats exploiting the same flaw continue to circulate - apparently unhindered - around Facebook fooling its users into potentially dangerous situations. And it doesn’t look like stopping either, since we imagine the next message exploiting the flaw will be released by the scammers shortly, if it hasn’t already.

This must be particularly embarrassing for Facebook since it coincides with their announcement of much more stringent security procedures to reduce scams that circulate the site.

That’s another D’oh, Facebook.

Wednesday, 23 March 2011

Facebook Facing Wave of Facebook Chat Attacks

The popular social networking site Facebook, which is always finding itself the target of many scammers and hoaxers, has recently been facing a surge of attacks targeted at the instant chat feature that comes integrated within the website.

Facebook users have been complaining about malicious links that are circulating automatically throughout the Chat facility that direct unwitting users to application installation pages. Such Facebook applications are typically survey scams where victims are told to complete surveys, which when completed make money for the scammers.

The surge of attacks using the Chat facility has led to many people placing the blame on “self-generating viruses” (see here for our article on that warning), worms and Koobface threats, when in reality the blame lies with the rogue self-propagating Facebook applications.

The links that are circulating through Chat are bundled with a curious message designed to bait victims into clicking the link. Once clicked, users are taken to a page like the one below.

As you can see from the permissions page on this application installation page, the Facebook application wants access to your Facebook Chat facility. It needs this so it can pass the same message that fooled you onto your Facebook contacts.

Additionally, once the application installs, users are typically urged to complete a survey to see or receive whatever the original Chat message promised.

The messages circulating throughout chat are different, but some popular ones include –

"OMG: This girl killed herself after her FATHER posted this message on her wall"

"It will make you reevaluate what you put on your wall after seeing this"

"hey lol check out this girl,she i cant believe this video"

"omg hahah have u seen this photo u got tagged in LOL"

Other similar derivatives are also used, all of them designed to arouse the curiosity of the potential victim.

Worth noting is that the links bundled with these messages nearly always use the Bit.Ly URL shortener, which hides the true URL address.

Facebook does its best to delete such applications and usually does so within hours of them popping up, meaning many of these messages end up pointing to dead links where the application used to be, but the open nature of Facebook’s application development platform means that new rogue applications are literally popping up every day.

Always be wary of links sent to you through wall postings, comments or through Facebook chat, especially if that link and message seems suspicious or out of character with the sender, or if the link is disguised with a URL shortener such as Bit.Ly. Never install Facebook applications that appear after clicking on such links, and if you have, you should visit this page that contains instructions on how to remove rogue Facebook applications.

Monday, 21 March 2011

Facebook Fight Back Against Likejacking Scams

Last week our blog post was about clickjacking (also dubbed likejacking) scams, so we won’t go into much detail about how the scams work, other than to say it is the recently prolific scam of hiding Facebook Like buttons underneath images in a bid to trick online viewers into clicking and inadvertently liking external pages.

However, Facebook has actually stopped such scams in their tracks by replacing their one-click Like button with a new version that requires users to confirm their “Like” before the action is posted on the Facebook user’s newsfeed.

The update, which has already been implemented, prevents the one-click nature of the Like button by replacing it with a three step process. Firstly an Internet user clicks the Like button displayed on a website, and the word Confirm appears. Upon clicking Confirm a pop-up appears giving information about the webpage the user is about to Like. The user then has the opportunity to confirm the “Like” action, or cancel it altogether.

Of course this means Facebook clickjacking scams, which rely on a user inadvertently clicking a Like button and hence “liking” a page, become almost impossible since users will have to confirm a pop-up to complete the “liking” process, giving potential victims a chance to cancel the action once they realise they have been duped.

Whilst clickjacking is a broader term that is not specific to Facebook, this action may mean we have seen the last of Facebook clickjacking (likejacking) scams.

The move is also going to give Facebook some rare positive feedback from privacy and security experts, amidst all the current controversy the social networking giant is facing, specifically the imminent move to begin sharing the contact details of Facebook users with third party Facebook application developers.

Monday, 14 March 2011

Facebook Clickjacking Attacks

In a nutshell…

Clickjacking, in its broadest sense, is a type of attack that involves hiding certain functions within a webpage that activate when a victim clicks on them – the victim is under the impression that their clicking action will perform a completely different function, unaware that the hidden script is present and has the ability to perform a completely unwanted action.

Facebook clickjacking attacks are among the most prevalent, and are most commonly designed to get Facebook users to unwittingly "like" external websites, which in turn spreads such websites to that Facebook user’s contact list.

Facebook clickjacking attacks are also dubbed "likejacking" since they utilise the "like" feature on Facebook.

How it works…

Anyone familiar with Facebook and how it operates will also be familiar with the ability to "Like" information such as comments, videos and status updates. When a Facebook user "likes" something, it appears on their Facebook Wall that they "liked" it, which in turn will appear in the newsfeed of many of their contacts.

A recent addition to the "Like" feature is that website developers can add a button to their own websites that allows Facebook users to "Like" the website by clicking that button, meaning Facebook users do not have to be within the Facebook environment to use this feature.

This has led to scammers essentially hiding the Facebook "Like" button on their websites and then tricking users to clicking on the area of the webpage that contains the hidden button, so what essentially happens is that the user inadvertently “likes” a website by clicking on an area of a webpage. The user is unaware that they have "liked" a webpage and that this action has been published on their Facebook Wall and on the newsfeed of many of their contacts.

The clickjacking is designed to bait people into "liking" a page so that a page can propagate between Facebook users since Facebook contacts who have seen that their Facebook “friend” has “liked” a page are likely to visit the same page and fall for the same trap.

Popular Examples

The most prolific example of a clickjacking attack is where Facebook users are baited with a non-existent video. They are taken to a page which replicates a typical video sharing site. Users are clearly baited to click the Play icon in the middle of the video screen, and this is where the hidden Facebook "Like" button will be located. Clicking the Play button will cause the user to “like” the webpage.

Some sites try and replicate YouTube. Some use a logo displaying TouTube, FouTube or FBTube.

Other popular examples include requesting users to "prove they’re human" by clicking certain areas of a webpage in a certain order. The Facebook "Like" button is simply hidden in one of these areas.

Survey Scams

2011 has seen a significant increase in clickjacking attacks that are employed to help survey scammers. Facebook survey scams have previously used various tactics to help spread including rogue Facebook applications, forcing a user to "like" and "share" an external website or forcing them to join a Facebook group. Clickjacking is the latest tactic survey scammers are using to help them spread their malicious links.

Survey scams are when scammers trick victims into completing surveys on the false assertion the victim will receive/achieve something in return. Once a victim completes a survey, the scammer gets money. More information on Facebook survey scams can be seen


If you are the victim of a clickjacking attack, the first thing you need to do is remove the offending “like” post that your Facebook account has just produced. Go to your profile and hover over the post. Click the "x" on the top right and then click Remove. This will stop your Facebook contacts from falling in the same trap.

For most clickjacking attacks on Facebook, this is all you need to do, since many clickjacking attacks do not involve any malicious payload.

If you feel you may have downloaded something onto your computer through the attack, run an up-to-date virus scan to check for threats.

Avoiding Clickjacking Attacks

The easiest way to avoid such attacks is to be careful on what links you click on Facebook and to always be wary of suspicious links and websites. If a link is offering you something that you think does not exist or is too good to be true, then it probably is.

There are other more dynamic ways to avoid clickjacking attacks as well, such as downloading and using the Firefox web browser to visit websites. Firefox has an optional downloadable NoScript plugin which disables any type of hidden script that can be utilised by clickjacking scammers. This plugin can be used to disable all types of embedded script on sites that you do not trust.

Additionally, always make sure you use the most recent version of your Internet browser (i.e. Internet Explorer, Firefox, Opera, Chrome).
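
The hidden-button layout described under "How it works" and "Popular Examples" can be checked for mechanically. The following is an added example, not code from this blog or from Facebook: a JavaScript heuristic that flags a near-invisible but clickable Like widget sitting on top of visible bait. The element descriptors, the function names, the 0.1 opacity threshold and both sample pages are assumptions constructed for this example.

```javascript
// Added example: likejacking heuristic over element descriptors.
// Field names, thresholds and sample pages are constructed for illustration.

// Descriptor with defaults; in a browser these values would be read from
// getComputedStyle() and getBoundingClientRect().
const el = (id, tag, rect, extra = {}) => ({
  id, tag, rect, opacity: 1, zIndex: 0, display: 'block',
  visibility: 'visible', pointerEvents: 'auto', ...extra,
});

// True for an iframe that loads Facebook's Like widget.
function isLikeWidget(e) {
  if (e.tag !== 'iframe' || !e.src) return false;
  let url;
  try { url = new URL(e.src); } catch { return false; }
  return /(^|\.)facebook\.com$/i.test(url.hostname) &&
    url.pathname.startsWith('/plugins/like');
}

// An element that is not rendered cannot be clicked, so it is no threat.
const clickable = (e) => e.display !== 'none' &&
  e.visibility !== 'hidden' && e.pointerEvents !== 'none';

function overlapArea(a, b) {
  const w = Math.min(a.x + a.w, b.x + b.w) - Math.max(a.x, b.x);
  const h = Math.min(a.y + a.h, b.y + b.h) - Math.max(a.y, b.y);
  return w > 0 && h > 0 ? w * h : 0;
}

// Report every near-invisible but clickable Like widget that sits on top
// of something the visitor can see and is being invited to click.
function findLikejacking(elements, minOpacity = 0.1) {
  const findings = [];
  for (const w of elements) {
    if (!isLikeWidget(w) || !clickable(w) || w.opacity >= minOpacity) continue;
    for (const bait of elements) {
      if (bait === w || bait.display === 'none' || bait.opacity < minOpacity) continue;
      const overlap = overlapArea(w.rect, bait.rect);
      const widgetGetsClick = w.zIndex > bait.zIndex || bait.pointerEvents === 'none';
      if (overlap > 0 && widgetGetsClick) {
        findings.push({ widget: w.id, bait: bait.id, overlap });
      }
    }
  }
  return findings;
}

const LIKE_SRC = 'https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fexample.invalid%2F';

// Constructed sample: fake video page with a transparent widget over the Play icon.
const FAKE_VIDEO_PAGE = [
  el('title', 'h1', { x: 100, y: 50, w: 480, h: 30 }),
  el('play-icon', 'img', { x: 300, y: 200, w: 80, h: 80 }, { zIndex: 1 }),
  el('like-frame', 'iframe', { x: 310, y: 220, w: 50, h: 24 },
    { src: LIKE_SRC, opacity: 0, zIndex: 10 }),
];

// Constructed sample: honest page with a visible Like button below the article.
const HONEST_PAGE = [
  el('article', 'div', { x: 0, y: 0, w: 600, h: 400 }),
  el('like-frame', 'iframe', { x: 0, y: 410, w: 90, h: 24 }, { src: LIKE_SRC }),
];

console.log(findLikejacking(FAKE_VIDEO_PAGE)); // one finding: like-frame over play-icon
console.log(findLikejacking(HONEST_PAGE));     // no findings
```
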

Tuesday, 1 March 2011

Nutritional/Dietary Supplement Scams

A quick guide to buying nutritional supplements online, and why users should always be wary when purchasing self improvement supplements online

The age of medicine is always quickly changing, and one of the main talking points regarding health and fitness over the past years is the use of nutritional supplements. With people’s dream of living for as long as possible, nurturing a healthy diet and an otherwise natural healthy lifestyle is no longer considered sufficient, given the introduction and increasing popularity of additional supplements one may not otherwise take.

The subject of nutritional supplements is one that still draws considerable controversy, both from the medical and retail communities, yet it seems that dietary enhancements are becoming more popular and increasingly accepted in today's world.

However, like anything that draws controversy and increases in popularity, there are people out there who take advantage of the situation.

Beware of the Acai Berries!

One such popular supplement is commonly known as the Acai Berry, which is notoriously sold online as a dietary enhancement that purports to improve health, sexual virility and help with weight loss. However there is no credible evidence to back up these claims and many websites and multi level marketing plans selling Acai Berry based products have been shown to be both misleading and fraudulent. There are a significant number of complaints regarding these Acai schemes that vary from over charging credit cards, consumers getting unwittingly involved with Ponzi schemes and poor products or placebos being sent to customers. These attributes have in many cases become synonymous in the online self-improvement scam industry, with a surge of thousands of sites purporting to sell "miracle dietary cures", only for the victim to find out that the claims made by the websites were simply false or misleading, both grossly exaggerating the benefits of using the product and the downfalls of not using it.

Such sites selling supplements like these would be known to use many other misleading tactics, such as using trademarked logos of legitimate news outlets and magazines in an attempt to feign endorsement. Additionally scam sites would hide expensive monthly charges under the facade of a "free trial" and automatically sign up victims to multiple subscriptions making it harder for victims to cancel and avoid further charges.

This has led to many supplement based websites also being attacked and shut down for breach of many non-supplement FTC guidelines, including updated FTC guidelines regarding the use of both customer testimonials and celebrity endorsements. Such sites would use faked unverifiable customer testimonials that purported atypical and uncharacteristic results, and also employed fake celebrity endorsements. Celebrities such as Oprah Winfrey and her resident medical expert Dr. Oz were notoriously unwittingly linked to these scams, which led to them filing suit against a number of these sites. Such sites claimed the celebrity duo endorsed their products, which was untrue.

You can read more about Acai Berry Scams on our site here.

MLMs and Pyramid Schemes

Additionally, websites or multi level marketing plans that sell a wider range of supplements have also attracted noteworthy criticism, on many fronts, which has led to specific FTC guidelines outlining the retail and advertisement of such supplements sold by sites and MLMs in the USA.

One such controversy that has drawn fierce criticism is the poor advice often given by sites and affiliates in order to sell supplements, with making the sale often prioritised over giving sound advice to potential customers. One drawback, especially concerning MLMs that sell supplements, is the innate nature of an MLM structure that pressures its affiliates into selling as many of these supplements as possible with little regard to whether the end user really requires such a product.

Such affiliate based selling techniques are also often criticised for not checking their affiliates’ knowledge or experience of nutritional supplements when providing advice and selling such commodities. There is little legal ground or legislation concerning this area since these supplements are not considered [prescription] drugs, even though poor advice regarding supplements can still be considered potentially dangerous.

Even larger MLMs like USANA and Vitamark that focus on the sales of nutritional supplements have drawn their share of criticism and disapproval. USANA had found themselves in court for misleading their affiliates regarding potential earnings, a popular trademark of shady MLM schemes. The legal MLM Pre Paid Legal found themselves in trouble with the SEC for similar reasons.

Nutritional advice, like medical advice, is always best coming from someone who is qualified in the field. Whilst in many cases websites or affiliates of MLMs that sell supplements might be knowledgeable in the area, there is no guarantee, and any advice is likely to be biased to selling their products.

Our recommendation is always to get advice from either your doctor or a qualified nutritionist, and if you do purchase such products online, proceed with caution and remember that the person selling you the item is just that – a salesman, not a qualified nutritionist, and any advice offered should not necessarily be taken as correct.