Social media is a great way to connect with friends, relatives
and colleagues around the world. However, scammers are always
looking for new ways to separate you from your hard-earned
dollar, and they have jumped on the social media bandwagon to do
just that. Following are just a few common scams to watch out
for in the world of social networking.
Secret details about Michael Jackson's death!
Celebrity news will always be used in criminal ploys because
scammers know that many people love gossip. The recent death of
Michael Jackson is already spawning bad emails that contain
malware in their attachments, according to several security
firms, including Sophos. Graham Cluley, senior technology
consultant with Sophos, predicted immediately following
Jackson's death that cyber criminals would soon start to take
advantage of the news to pull off scams.
Typically, malicious Facebook and Twitter messages relating to
celebrity news contain links that claim to have "secret"
information. In the case of Jackson, Cluley said he has heard
some of the lures include promises of songs by the King of Pop
that have never been heard before or new details and pictures of
Jackson's death. However, the link to the information then
typically prompts the user to download an update of Adobe Flash.
Of course, instead of an update, users end up with a bot Trojan
or other piece of malware installed secretly on their computer.
"Perhaps one of the most famous of these is Koobface," said
Cluley. "There have been many iterations of that designed to
steal information from your computer. Once they have compromised
your computer, they can use it to send spam, install spyware,
steal your identity, or launch a denial of service attack."
The Jackson death is only one example, said Cluley. Past
celebrity scams that have used this ploy included one that had
the headline "Paris Hilton tosses dwarf on street."
I'm trapped in Paris! Please send money.
CSO reported details of this scam, often called a 419 scheme,
several months ago (see: 9 Dirty Tricks: Social Engineers'
Favorite Pick-Up Lines). But it continues to make the rounds on
Facebook, according to Cluley, and fools unsuspecting users.
It goes like this: You are on Facebook, when a "friend" uses the
Facebook chat feature to send you an instant message. Sometimes
it might be a message in your inbox. Either way, the "friend"
informs you that they are trapped in some foreign country and
have been robbed or have lost their wallet through some other
unfortunate incident. They need you to wire money quickly to
help them get home. However, on the other end is a person posing
as your "friend" who has hacked into your actual friend's
account.
This scam is really just a new version of the old email trick
that informs a recipient they have "inherited millions,"
according to Cluley.
"The emails often say something like 'Just give us your bank
account details and we will deposit the money,'" he said.
But in this particular Facebook ruse, the idea is to get you to
assume it is someone you know and trust on the other end of the
IM so you will wire money quickly to help them out.
"People tend to be more relaxed about communications with
friends on social networks," noted Cluley. "Also, the scammer
can use other information from your profile, such as your wife's
name or your children's names, to make it seem more legitimate."
Cluley recently blogged about a friend who was contacted by a
scammer looking for money with this tactic. Fortunately,
Cluley's friend was clever enough to recognize the scam and
managed to trick the criminal into visiting a personal web site
he maintains and ultimately captured his IP address. It turns
out, as predicted, the person on the other end was at a computer
in Nigeria, not Paris.
Sean Sullivan, a security advisor in the F-Secure Corp. security
labs, said most of these attacks are the result of a compromised
username and password. Sullivan recently criticized Facebook for
its security-question protocol, which he thinks uses outdated
questions such as mother's maiden name, and said he thinks it
should consider having users choose their own security
questions.
"Perhaps when the college kids that created Facebook designed
it, they never thought anyone would be able to guess their
father's name," said Sullivan. "But I actually have my father in
my network. It wouldn't be too hard to figure that out."
OMG! Did you see this picture of you?
Both Facebook and Twitter have been plagued by several phishing
scams that involve a question that piques the user's interest
and then directs them to a fake login screen. Typically, the
user receives a message, such as "Did you see this picture?"
with a link also included. The user clicks the link, and it
prompts them to enter log-in credentials on a fake log-in
screen.
On Facebook, for example, members might receive a message in
their inbox, or a message on their wall, that directs them to
another site which looks identical to the Facebook log-in page.
Just last week, Twitter users began receiving tweets
that asked "OMG! Is it true what they said about you in this
blog?" The link directed the user to a screen that looked just
like the Twitter log-in page, but was instead a phishing site.
Of course, once you've entered your user name and password into
one of these fake sites, the criminals engineering the con have
easy access to your account. Sullivan said another recent
version of this scheme included messages requesting users update
account information, which then took them to fake log-in
screens.
This is a classic phishing ploy, according to Cluley. Hackers
may be looking for your account information in order to send
spam, or pose as you in order to pull off a 419 scam like the
one mentioned above. In order to avoid having this happen, make
sure you check the URL before entering your log-in information.
If your browser bar says anything other than Facebook.com or
Twitter.com, leave the site immediately.
The other potential in this scam is spyware infection, said
Cluley. The tiny-URL function makes this even easier for
scammers because you can't see the link you are clicking.
"You click on a link that is infected with spyware, and it can
steal credentials, bank information, all kinds of useful
information about the different accounts you may have," he said.
Bottom line: If a link or a message seems suspicious, click at
your own risk.
Test your IQ
Facebook members who recently decided to use an application that
offered an IQ test were unpleasantly surprised to learn they had
unwittingly also subscribed to a text messaging service that
cost approximately $30 a month.
The IQ test looked like most other Facebook applications. But
once the test had been completed, users were asked for their
cell phone number in order to receive results. However, by
handing over their number, they were also enrolled in the text
messaging service. The terms of the service were in fine print
that many claimed was nearly impossible to notice.
This is just one of many examples of scams that take advantage
of the "applications" feature on Facebook, said Sullivan, who
advises users to be wary of all of the applications on Facebook
and says he rarely uses them himself. In order to use a Facebook
application, which often includes fun quizzes such as "Test your
1980's trivia," you must allow the application to have access to
information in your profile. The privacy issue is just one risk,
said Sullivan. In some cases, the applications download malware
onto your computer.
"There was an application that was going around that was spamming
people internally," said Sullivan. "In other instances, malware
authors are looking for banking passwords, any kind of
password."
Join State University's Class of 2013 Facebook group
A college guidebook publisher called College Prowler was recently criticized for
creating Facebook communities for students in the class of 2013
that appeared to be organized by their college or university. A
recruiter with the admissions department at Butler University
uncovered the ruse when he found a Class of 2013 page for Butler
University on the site, but no one at Butler knew who had
created it.
The recruiter, Brad Ward, blogged about the find and said pages
had been created for many major universities around the country,
including the University of Michigan, Cornell University, Duke
University and Northwestern University. According to Ward, none
appeared to have been created by anyone with legitimate ties to
the class of 2013 at any of the schools.
Invites to Facebook groups run the gamut from alumni groups to
groups with common interests in sports or hobbies. But if you
don't know the person inviting you, it may be best to ignore it.
Other instances of fake groups have included invitations that
prompt users to install certain applications in order to "chat"
with other members, but instead install malware. In some
instances, unwanted products, such as toolbars, have been
installed onto the user's computer after the person joined a
group.
Tweet for cash!
This scam takes many forms. "Make money on Twitter!" and "Tweet for
profit" are two common come-ons security analysts say they've
seen lately. The claim is that anyone can work from home and
make large sums of money (Up to $10,000 a month!!) simply by
"tweeting." Sounds too good to be true, and, of course, it is.
The age-old work-from-home email scam has now migrated to
Twitter, according to Ryan Barnett, director of application
security research at Breach Security, a Web application security
firm.
Breach, which recently published its Web Hacking Incidents
Database report, has seen an explosion in this scheme in recent
months as the economy has forced cash-strapped folks to do
whatever they can for some income. Those who fall for it are
asked for their credit card number in order to pay a $1.95
shipping fee to get their 'Twitter Cash Starter Kit.'
"The end user ends up forking out money to do this work and they
pay money to some rogue company," said Barnett. "But once you've
paid for the CD, they now have your credit card number and they
can just keep charging that card each month."
Many who have been taken by this ruse claim they later find out
the Starter Kit had a 7-day free trial, and the company then
charged a monthly "fee," typically around $50, unbeknownst to
the victim, who often has to cancel the credit card in order to
stop the fraudulent charges.
Ur Cute. Msg me on MSN
The sexual solicitation is a tactic spammers have been trying for many
years via email, said Graham Cluley, senior technology
consultant with U.K.-based security firm Sophos. Cluley
keeps a close eye on the latest lures cast out by spammers
and recently has seen an upswing in Twitter "tweets" that
feature scantily-clad women and include a message embedded into
the image, rather than in the 140-character tweet itself. A
typical example includes a message that says "Ur cute. Msg me on
MSN," which is embedded into the picture and is a ploy that
ultimately leads the user to an adult site, said Cluley.
Embedding the message into the picture is a way for spammers to
get past Twitter's anti-spam filters, he said.
"You can see they (spammers) are going to further and further
lengths to drive you to their Web site," said Cluley.
The ruse gets even more sophisticated if you decide to "chat"
with one of these "ladies" on MSN, said Cluley. Instead of a
person, it's a bot pretending to be a human conducting the
flirtatious conversation.
"They are trying to reduce their costs and it's much easier to
have computer programs do this for you," said Cluley.
Cluley said the bot follows a script which offers the end user a
"free pass" to their supposed adult webcam site. However, the
site being linked to in the pass typically asks for credit card
and other user information for age verification. Of course,
handing over this kind of information makes you a prime target
for identity theft, said Cluley.
Protect your family from swine flu
The bad guys will always take advantage of what is in the
headlines, such as the world's concern over swine flu, to snare
unsuspecting users. Claims about celebrity deaths are another
popular way to get attention. But these days it is even easier
for a user to end up clicking on a bad link because of the
prevalent use of the shortened URL.
There are many URL-shortening services that allow users to
truncate the length of a link in order to save space in a
Twitter tweet or a Facebook status update. But it is impossible
to see where the link will take you, which is exactly why
criminals are increasingly using them to direct folks to bad
sites. According to a recent Symantec MessageLabs Intelligence
report, shortened-URL spam is also a popular technique for
spammers seeking to sell drugs online.
"Spammers are taking advantage of the heightened interest in
health-related issues such as swine flu and Obama's healthcare
reform, to distribute large shortened-URL spam runs using the
powerful Donbot botnet," MessageLabs officials said. In fact,
abuse of the shortened URL actually resulted in the closure of
several legitimate URL-shortening services, according to the
report.
Some of the URL-shortening services have begun to attempt to
filter out bad sites by checking URLs against known blacklists,
but the issue is far from resolved, noted Cluley, particularly
because, despite increased efforts to block malicious links,
Twitter and Facebook do not have a filtering mechanism for bad
shortened URLs.
"They and the other social networks have a lot of maturing to
do," he said. "You cannot rely on them alone. You will need some
defense on your computer."
Mike Smith commented on your post!
Reading friends' comments is one of the major features of
Facebook. So it is unfortunate that Trend Micro researcher Rik
Ferguson recently discovered a phishing scam taking place with
several rogue Facebook applications. The malicious applications
uncovered by Ferguson have names such as "Your Photos" and
"Post" and begin with a notification that someone has "commented
on your post." However, once the user clicks on that
notification, they are led to a harvesting site called "fucabook.com"
which looks like a Facebook log-in page and asks users to enter
their log-in information in order to "enjoy the full
functionality" of the application. It then steals that log-in
information and spams your friends.
Other applications had names like "Sex, sex and more sex" and
"Birthday invitations." While the apps Ferguson uncovered were
removed, several more popped up only days later with names like
"Friends," and "Matching." Ferguson noted users can avoid
falling prey by following the simple rule of checking the URL
displayed in the browser address of any site you visit to make
sure you are actually on Facebook instead of a malicious site
that only looks like Facebook.
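The "check the URL" rule that Cluley gives above and that Ferguson repeats here, as an added example that is not code from the article (the trusted-host list, the https requirement and the sample addresses are assumptions of this illustration): it accepts an address only when its host is facebook.com or twitter.com or a subdomain of one, so look-alikes such as fucabook.com fail, and it walks through a few address forms the rule has to handle.

```javascript
// Added example, not code from the article: the "check the URL" rule as a function.
// TRUSTED_HOSTS is an assumption for illustration; extend it for other services.
const TRUSTED_HOSTS = ["facebook.com", "twitter.com"];

// Returns true only when the address really belongs to one of the trusted sites.
// Checks, in order: it parses as an absolute URL; the scheme is https (a log-in
// page served over plain http is rejected here as an added precaution); there is
// no user-info part in front of the host, so a familiar name cannot be placed
// before the real host; and the host is a trusted domain or a subdomain of it.
// Look-alike hosts such as fucabook.com or facebook.com.example.net fail.
function isGenuineLoginPage(address, trusted = TRUSTED_HOSTS) {
  let url;
  try {
    url = new URL(address);
  } catch (e) {
    return false; // not a parseable absolute URL
  }
  if (url.protocol !== "https:") return false;
  if (url.username !== "" || url.password !== "") return false;
  // Normalise: lower-case and drop a trailing dot ("facebook.com." is the same host).
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  return trusted.some((t) => host === t || host.endsWith("." + t));
}

// Given a list of addresses, returns those that fail the check.
function flagSuspicious(addresses, trusted = TRUSTED_HOSTS) {
  return addresses.filter((a) => !isGenuineLoginPage(a, trusted));
}

// Constructed sample addresses; only fucabook.com comes from the article.
const SAMPLE_ADDRESSES = [
  "https://www.facebook.com/login.php",      // genuine: subdomain of facebook.com
  "https://twitter.com/login",               // genuine
  "https://fucabook.com/login",              // harvesting site named in the article
  "https://facebook.com.example.net/login",  // trusted name used as a subdomain of another host
  "https://facebook.com@example.net/login",  // user-info part; the real host is example.net
  "https://f\u0430cebook.com/login",         // Cyrillic "a": an internationalised look-alike
  "http://www.facebook.com/login.php",       // right host, but not https
];

for (const a of SAMPLE_ADDRESSES) {
  console.log(isGenuineLoginPage(a) ? "ok      " : "SUSPECT ", a);
}
```

The browser's own address bar is the input here; the function does the comparison the article asks the reader to do by eye.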
Amber alert issued!!
This one is not so much a scam as it is a hoax. Perhaps you've
seen it: A friend in your network updates their status to read
"Amber Alert issued in Anytown, U.S.A. 3-year-old girl taken by a
man driving a silver truck with plate# 72B 381. Post this in your
status update. You could save a life!"
The details vary; some include names. But many of them are
simply untrue and can often be quickly checked out on sites such
as fbi.gov and even the urban-legend-debunking site
snopes.com. While you may not be at risk for something
serious like identity theft with this hoax, many law enforcement
officials have come out against the fake Amber Alert joke
because it desensitizes users to the severity of a real alert.
If enough hoax Amber Alerts make the rounds, people are more
likely to ignore a real one.
Source: http://www.csoonline.com/article/print/500998