Zscaler Blog


Security Research

Facebook Used To Make Scams Look Legitimate

JULIEN SOBRIER
December 21, 2011 - 2 min read
One of the recurring web spam themes I saw in 2011 was the "Work from home and make $X,000/month" scam. In some variations of this well-known and well-used scam, websites are set up to look like a well-established newspaper with a (fake) front-page article about making a lot of money from home.

Here are a few examples I saw earlier this year (now offline):


[Image: Fake NBC website at hxxp://news11bizopp.com/landing.php]

[Image: Fake news site at http://www.nbcnews43.com/?news/articleid=8351]

The new scam I found this week included an interesting new trick and is still online.

[Image: Fake news site at hxxp://newsday7.com/]

The site is set up like the previous scams: it claims to be an established online newspaper and displays an article about someone who is making a lot of money working from home.

At the top of the picture showing a woman and a girl, on the right, you can see a Facebook Like button that says "214,217 people recommend this. Be the first of your friends." Apparently, 214,217 people went to this page and clicked on "Like", making this page look more legitimate.


At first, I thought this was a fake Facebook widget. But this is the real deal, as seen from the page HTML code:


[Image: Real Facebook widget]

There is, however, a trick. The "Like" widget does not point to hxxp://newsday7.com/, but rather to http://www.facebook.com/CBS. As you can see in the images taken from the two websites, the number of Likes is the same:

[Image: 214,217 Likes on hxxp://newsday7.com/]

[Image: 214,217 Likes on http://www.facebook.com/CBS]

Facebook allows you to embed any Like widget on any website, even if the domains or URLs do not correspond. Scammers are using this trick to appear more legitimate, by tricking visitors into thinking their website has been visited and liked by many people.
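
The mismatch described above can be checked automatically when analysing a suspicious page. The following is an added example, not code from the original post: it extracts the URL each Like widget is counting Likes for and flags those hosted on a different domain than the page. It goes beyond the iframe case to cover the XFBML and `fb-like` div embed forms as well; the function names, the `scam-news.example` domain and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs


def _host(url):
    """Lower-cased hostname without a leading 'www.'."""
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


class LikeWidgetFinder(HTMLParser):
    """Collects the URL that each Facebook Like widget on a page points to."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe" and "/plugins/like.php" in (a.get("src") or ""):
            # iframe form: the target is the URL-encoded href= query parameter
            if _host(a["src"]) == "facebook.com":
                query = urlparse(a["src"]).query
                self.targets += parse_qs(query).get("href", [])
        elif tag == "fb:like" and a.get("href"):
            self.targets.append(a["href"])  # XFBML form
        elif "fb-like" in (a.get("class") or "").split() and a.get("data-href"):
            self.targets.append(a["data-href"])  # div form


def mismatched_like_targets(page_url, html):
    """Return Like-widget targets whose host differs from the page's own host."""
    finder = LikeWidgetFinder()
    finder.feed(html)
    page_host = _host(page_url)
    return [t for t in finder.targets if _host(t) != page_host]


# Constructed sample: one widget borrowing another page's Like count,
# one widget that honestly points at the hosting site.
SAMPLE_HTML = """
<iframe src="http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.facebook.com%2FCBS&amp;layout=standard"></iframe>
<div class="fb-like" data-href="http://scam-news.example/story"></div>
"""

if __name__ == "__main__":
    for target in mismatched_like_targets("http://scam-news.example/", SAMPLE_HTML):
        print("Like widget counts Likes for a different site:", target)
```

A mismatch is a signal for review rather than proof of fraud, since a site may legitimately embed a Like button for its own Facebook page.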

My guess is that this technique is very effective, and will be used more and more by spammers and scammers.