It is rather old news that Facebook can be attacked from one end of the spectrum to the other. In the latest rash of Facebook scams, security researchers from BitDefender have uncovered a type of scam that uses fake CAPTCHA security verifications to spread.
CAPTCHAs, which some of us commonly refer to as security verifications, have become a common way for Internet users to quickly verify that they are human and not some type of spamming bot. Because the Internet is such a vast place and a wide-open door for cybercrooks, CAPTCHAs must be put in place not only for commenting systems, but also on social networks such as Facebook for the use of many common features.
Over the course of the past 2 years, Facebook has implemented CAPTCHAs for many aspects of the social network. As of late, cybercrooks are abusing CAPTCHAs on Facebook in order to trick victims into promoting their latest scam. This new scam arrives as a simple message reading: "PHOTO! Girl accidentally sends dad SMS about her FIRST time! (This is the funniest thing ever!)." Naturally, many curious Facebook users want to see what this message is all about. To do that, the user is first asked to verify their identity by solving a CAPTCHA, as shown in Figure 1 below.
Figure 1. Fake Facebook CAPTCHA masking 'comment' button with 'submit' button (source: malwarecity.com).
The CAPTCHA above may appear to be simple and to the point. Unfortunately, what users will not realize is that the SUBMIT button on the CAPTCHA is masking a 'comment' button. In effect, the scam-laden CAPTCHA is a comment submission form designed to submit the comment 'ha haha', which is posted to the user's Facebook profile. Because the comment is posted on the user's profile as an answer to the original message, it prompts Facebook friends and followers to click on the link, share it, or comment on it as well. As you can imagine, the scam will spread exponentially throughout the network.
After giving this creative new scam some thought, it can be said that hackers and cybercrooks are taking advantage of reverse engineering techniques with successful results. What we can take from the exposure of this scam on Facebook is that we should be aware of, and vigilant about, scams that use common security features originally put in place to protect us from scammers. Moreover, limit clicking on links on Facebook that seem to have a suspicious tone or nature about them. You can always look over our article about the Top Five Facebook Phishing Scams Used to Steal Your Identity to get a good idea of what to look out for on Facebook.