Concerned about recent PAN-OS and other firewall/VPN CVEs? Take advantage of Zscaler’s special offer today

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Security Research

"Check Who Is Visiting Your Profile" Scam On Russian Social Network Vkontakte

March 07, 2012 - 2 min read
ImageVkontakte is the Russian equivalent of Facebook and has been criticized for being a direct "clone". Well, scammers are "cloning" the most popular Facebook scams and porting them to this Russian platform as well.

One recurring scam, used to trick people into giving up credentials to their Facebook account, or executing a cross-site scripting attack against themselves, has it's equivalent at Vkontakte: hxxp://

Here is a screenshot of the page translated into English:
Scam site
The site claims to be an official Vkontakte application (with a .in TLD!). The page uses the same logo, layout and colors as the official site. The fake user testimonials explain that they have found likely lovers checking out your profile.

You need to give your ID or profile link (no password required) to let the "app" figure out who is viewing your profile:
Form (translated in English) to enter user ID
I inserted a fake name (in English) and the app miraculously found 7 people who had looked at my profile!
Name of people who visited by non-existent profile
Before I had time to click on any links, I was also asked to enter my cell phone number to ensure that I was indeed a human:
Phone number must be entered

This is where the Russian scam differs from the Facebook scam. In the US, scammers try to get users to fill out surveys, install spyware or try "free" offers. In Russia, as shown in other scams, scammers make money by sending SMS messages with a surcharge.
form submtited
Thank you for reading

Was this post useful?

dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.