When scammers socialize

A sophisticated, seemingly broadly orchestrated online scam that promises bogus prizes like iPads or gift cards in order to dupe Internet users into giving up their identifying personal information has been plaguing popular social media sites.

This scam uses typographic variations of the social media sites’ domain names to host web pages that are formatted to look just like the homepage, deceiving users into thinking they are legitimate.

A recent study conducted by FairWinds Partners revealed that this scam impacts 281 typos of the top 10 most popular social media sites, and puts a total of 48 million unique visitors per year at risk for spam, phishing and even identity theft.

The scam has become pervasive among the most highly used social media websites, including Facebook, Twitter, LinkedIn, YouTube and others. “It systematically steals Internet users’ identifying information by targeting a relatively narrow percentage of typo domain names – only those that receive extremely high volumes of traffic – in order to reach as many unsuspecting users as possible,” explained Phil Lodico, co-founder and Managing Partner of FairWinds.

Promising prizes and rewards in exchange for answering survey questions, these scam sites can quickly acquire a user’s personal information, including his or her full name, telephone number, email address, physical address, date of birth and even financial and credit information.

The group behind the scam sells this information to spammers and other digital miscreants.

“As with other instances of typosquatting, only the top tier of typo domains are being affected here, namely those that receive the most traffic,” stated FairWinds co-founder and Managing Partner Josh Bourne. “This means that with a relatively small amount of targeted action, social networks like Facebook, Twitter and YouTube can wipe out the majority of these scam sites and protect their users.”