"Check Who Is Visiting Your Profile" Scam On Russian Social Network Vkontakte

Vkontakte is the Russian equivalent of Facebook and has been criticized for being a direct "clone". Well, scammers are "cloning" the most popular Facebook scams and porting them to this Russian platform as well.

One recurring scam, used to trick people into giving up credentials to their Facebook account, or executing a cross-site scripting attack against themselves, has it's equivalent at Vkontakte: hxxp://gosti-vk.p7h.in/?r=3262.

Here is a screenshot of the page translated into English:
 

Scam site

The site claims to be an official Vkontakte application (with a .in TLD!). The page uses the same logo, layout and colors as the official site. The fake user testimonials explain that they have found likely lovers checking out your profile.

You need to give your ID or profile link (no password required) to let the "app" figure out who is viewing your profile:
 

Form (translated in English) to enter user ID

I inserted a fake name (in English) and the app miraculously found 7 people who had looked at my profile!
 

Name of people who visited by non-existent profile

Before I had time to click on any links, I was also asked to enter my cell phone number to ensure that I was indeed a human:
 

Phone number must be entered

This is where the Russian scam differs from the Facebook scam. In the US, scammers try to get users to fill out surveys, install spyware or try "free" offers. In Russia, as shown in other scams, scammers make money by sending SMS messages with a surcharge.