Survey scams have been targeting Facebook users for longer than they would wish. The goal of all of them has always been to make users fill out surveys, but the lures and the methods for serving the content to users have constantly evolved in order to bypass the blocks put up by the social network.
The spammers have lately begun using Amazon’s cloud services for hosting the fake Facebook pages leading to surveys because it’s cheap and because it is less likely that Facebook will block links from an Amazon domain.
Users are usually reeled in with offers to see a funny/amazing/shocking video, and click on the offered URL (often a shortened one). In a recently spotted scam they are then taken to the fake Facebook page where those who use Chrome and Firefox are asked to install a fake YouTube plug-in in order to view the video.
Unfortunately, the offered plugin is not what it claims to be.
“Upon installing the plugin, a redirector URL is generated by randomly selecting from the usernames, mo1tor to mo15tor, in the Amazon web service,” explain F-Secure researchers. “Then, the link generated is shortened through bitly.com via the use of any of the 5 hardcoded userID and API key-pairs. These key-pairs give a spammer the ability to auto-generate bit.ly URLs for the Amazon web service link. This ultimately leads to a redirection to the fake Facebook page.”
These users are, therefore, responsible for propagating the scam further by unknowingly posting the scammy message on their Facebook profiles, and are not asked to fill out surveys.
Users who use other browsers are spared from inadvertently spamming their friends but are redirected to surveys provided by affiliate marketers, served according to the geolocation information given out by their computer.
Users who have fallen for similar schemes are urged to delete the offending messages from their Facebook feeds and to remove the fake YouTube extension they have been tricked into installing.