Following the announcement of the 2014 Most Dangerous Celebrities™ earlier this month, our senses have been heightened to scams on the web involving Hollywood’s most famous. Well, it seems our fascination with lifestyles of the rich and famous has led us to yet another attack utilizing well-known celebs to spread malicious software (referred to as malware) across the web.
Case in point: a newly leaked video, purporting to depict Emma Watson, is spreading across the social web and across machines. That choice of celebrity wasn’t random. While Miss Watson wasn’t directly involved with celebgate (a recent incident in which stolen nude celebrity photos and videos were leaked across the Internet), she was a vocal critic of it. Watson’s criticisms, and well-received U.N. speech, may have instigated the Internet’s cave dwellers. She was also our 2012 Most Dangerous Celebrity.
This scam utilizes Facebook to trick victims into clicking on a malicious link. That link claims to show a private video of Emma Watson. Suffice it to say, the link does not actually contain a video depicting Miss Watson, but instead leads to a malicious website loaded with Trojans designed to steal your personal data and permanently change your browser settings.
How does it work?
Once the link is clicked, the masked Trojan releases itself onto your browser, allowing hackers to control web-browsing settings on the user’s behalf. This includes monitoring your permissions on Facebook, overseeing timeline posts and—you guessed it—posting comments with links riddled with malware. What’s worse? The scammers monetize your Facebook activity by automatically following and liking fan pages.
As with many social engineering scams, which manipulate users into taking action or giving up information, users infected with the malware end up marketing for the hackers behind the hoax—in this case, through automatic Facebook comments. Once the video has been clicked, victims will (unbeknownst to them) post comments containing the same malicious link and further perpetuate the scam. Site visitors are then prompted with an error message, alerting them to update their Flash Player in order to view the leaked video.
Word to the wise
The cybercriminals behind this stunt are flaunting the ethos of ‘Anonymous’, a popular online group which made a sport of attacking bank, government and various other websites. The persons behind this attack may identify with the group (though they may not necessarily be a part of it) and are using that dark-web Internet credibility to “leak” private celebrity videos and trick users into making that fatal click.
How do I protect myself?
- Know the signs of an attack. Some social attacks are difficult to detect. Others, not so much. The more sinister and widespread social attacks usually try to divert victims to malicious websites or applications. If you see a suspicious website trying to pass itself off as a legitimate brand, then run away! You can also use web protection like McAfee® SiteAdvisor®, which warns you of risky sites before you visit them.
- Be wary of unsolicited messages. Social engineering attacks can be hard to avoid because they prey on the nature of trusting relationships. But crude attempts can be detected. If your friend who posted the Emma Watson video doesn’t usually share the latest in celebrity gossip, you should be suspicious. It’s always a nice gesture to alert friends of potential scams as well—they might not know their account has been compromised!
- Click Smart. Be sure to take caution when navigating links on social networks. Be suspicious of links to free content online, and check web addresses for clues—look for misspellings in URLs and other forms of typosquatting.
- Use comprehensive security. Protect your data and identity online with comprehensive security like McAfee LiveSafe™ service. The password manager included in this service keeps you in control of your account credentials, and keeps hackers away from managing your online profiles.
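One way to automate the "Click Smart" check above, as an added example that is not part of the original post or of any McAfee product: the script compares a link's host name with a short list of sites you trust and flags near-misspellings and borrowed brand names. The list of known domains, the function names and the sample links are assumptions constructed for this illustration.

```python
from urllib.parse import urlsplit

# Assumption: sites the reader actually uses (list constructed for this example).
KNOWN_DOMAINS = ("adobe.com", "facebook.com", "mcafee.com")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(url):
    """Classify a link as 'ok', 'suspicious' or 'unknown', with a reason."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "suspicious", "no host name in link"
    labels = host.split(".")
    # Simplification: treats the last two labels as the registered domain,
    # so suffixes such as co.uk are not handled.
    domain = ".".join(labels[-2:])
    if domain in KNOWN_DOMAINS:
        return "ok", f"{domain} is on the known list"
    # Words that appear anywhere in the host, e.g. facebook-video or facebook.com.x
    words = {w for label in labels for w in label.split("-")}
    for known in KNOWN_DOMAINS:
        brand = known.split(".")[0]
        if brand in words:
            return "suspicious", f"uses the name '{brand}' but is really {domain}"
        if edit_distance(labels[-2] if len(labels) > 1 else host, brand) <= 2:
            return "suspicious", f"{domain} is a near-misspelling of {known}"
    return "unknown", f"{domain} is not on the known list"

if __name__ == "__main__":
    # Constructed sample links; none comes from the scam described above.
    for link in ("https://www.facebook.com/watch",
                 "http://faceb00k.example/emma-video",
                 "http://facebook.com.video-player.example/flash-update",
                 "https://news.example.org/story"):
        print(link, "->", check_link(link))
```

An "unknown" verdict only means the site is not on your list; it says nothing about whether the site is safe.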