- File under ‘…really, Amazon?!’
In another example of Amazon’s AWS abuse detection failing spectacularly, likely the same culprits behind last week’s Tesco Voucher Giveaway scam have targeted Facebook users again — this time with a “Timeline Removal Plugin” scam.
The scam seems to function thusly: victim clicks the link from a previous victim’s event,Â creates a Facebook event with the same TinyURL in the Event description (containing a link to a Google Translate-wrapped AmazonAWS link) and so the cycle repeats. This doesn’t involve the sharing feature, probably a technique Facebook locked down after last week’s abuse.
Here are some screenshots of what will appear in your feed when a friend falls victim…
The TinyURL link at the moment is TinyURL.com/8f8zenj , which I’ve already notified as being abusive and should be shut down. However, as it’s trivial to set a new link up, this will likely spread with various shortening services’ URLs.
For reference, the TinyURL link redirects to this URL:
http://translate.google.com/translate?hl=en&a mp;rurl=www.google.com&sl=ar&tl=en&am p;twu=1&u=http://s3.amazonaws.com/timelin eremoval/index.html?wall&9e99t
I strongly suggest you don’t visit that link unless you fancy spending the rest of your Bank Holiday disinfecting your computer…! (or worse, divulging your Facebook password & list of contacts to person(s) unknown.)
If you want to stay secure when clicking blind through a shortlink, if the link is a bitly.com / bit.ly link just add the “+” symbol to the end of the URL (e.g. http://bit.ly/abc123+ , where the original URL ended abc123). For TinyURL, you can enable a cookie-based interstitial preview page feature from the TinyURL site, http://tinyurl.com/preview.php, which I highly recommend (some webpage-based scams will attempt to autoredirect you to a shortened URL when you visit the first page, this has happened to me before).
I also recommend you report this to Amazon AWS as an abuse of their hosting services, details for that are at the bottom of http://portal.aws.amazon.com/gp/aws/html-forms-controller/contactus/AWSAbuse.