In our line of business, the day isn't complete without discovering a new scam on Facebook, the largest social network ever providing a time vacuum for over 1 billion people around the world. With that said, it comes to us as no big surprise that cybercriminals have launched a new Facebook scam that exploits the name and reputation of a popular figure. This time it is Adriana Lima who is exploited by cybercrooks by supposedly offering adult images of her followed up with a 'raunchy tape'.
Adriana Lima, on the heels of her supermodel and Victoria Secret Angel success, is not bad on the eyes of her world-wide fan base. Cybercriminals are using her fans and good looks to their advantage by hijacking Facebook accounts through enticing users to click on a link that appears to point to an adult website. From there, the users are taken to a fake YouTube window and after clicking to play the video a verification window pops up. This verification window asks the victim to 'move the favicon out of the box' but little does the user know that they are actually handing over their Facebook authentication tokens.
The image below shows where Facebook victims drag and drop a supposed Favicon outside of a box, which essentially drops the Facebook authentication token for scammers to collect it.
Figure 1. Facebook authentication token drop scam - Source: E Hacking News
What happens when a user send over their Facebook authentication tokens is it gives the hackers the ability to hijack their accounts and then in turn use them to distribute even more exploited posts.
Hijacking Facebook accounts is basically like a gold rush for scammers as they have a new audience of Facebook friends and followers at their disposal to spread enticing posts, such as the offer to view adult images of Adriana Lima. Facebook users are advised to be on the lookout for posts offering something that may seem a little out of place such as the offer to view adult images or sex tapes of a popular figure.
The recent exploitation of Adriana Lima is just one more notch in the belt scam-belt that hackers have wrapped around the social network giant Facebook, and it seems they do not have plans to unbuckle the belt any time soon.