Facebook scam baits users with LulzSec suspect photo

As the hunt for individuals behind LulzSec is underway, and reports about these worldwide efforts spilled over into the mainstream news, cyber crooks have jumped on the opportunity to misuse the curiosity of the public and have set up a Facebook scam targeting them:

The scam was revealed by Sophos’ Graham Cluley when he received a request from a British journalist to share the photo of the recently arrested hacker that is thought to have links with the hacking group.

Cluley said to the journalist that he didn’t have the photo in question, but the journalist insisted: “But you do have a photo of the hacker! I’ve seen it on Facebook! But we want an unblurred version!”

This statement led him to investigate the matter, and he unearthed the above pictured scheme. Sure enough, the link used in the story was one who pointed to Cluley’s blog post – but the story didn’t include a picture of the suspect.

Following the link to the page in question and to the tab labelled “The Picture”, he found out that the scam required the victims to “like” and “share” the page before supposedly being redirected to the unblurred picture. Once they did it, they got redirected to a third-party webpage where they were urged to download a program that installs a series of toolbars on the victims’ browser.

He doesn’t mentioned whether the unblurred photo is shown in the end, but he managed to track it down to a Wired article from 2008.