Christopher's Broom Cupboard Rotating Header Image

"Tesco" Facebook scam returns, as Timeline Removal Plugin

  • File under '...really, Amazon?!'

In another example of Amazon's AWS abuse detection failing spectacularly, likely the same culprits behind last week's Tesco Voucher Giveaway scam have targeted Facebook users again -- this time with a "Timeline Removal Plugin" scam.

The scam seems to function thusly: victim clicks the link from a previous victim's event, creates a Facebook event with the same TinyURL in the Event description (containing a link to a Google Translate-wrapped AmazonAWS link) and so the cycle repeats. This doesn't involve the sharing feature, probably a technique Facebook locked down after last week's abuse.

Here are some screenshots of what will appear in your feed when a friend falls victim...

The TinyURL link at the moment is TinyURL.com/8f8zenj , which I've already notified as being abusive and should be shut down. However, as it's trivial to set a new link up, this will likely spread with various shortening services' URLs.

For reference, the TinyURL link redirects to this URL:

http://translate.google.com/translate?hl=en&a mp;rurl=www.google.com&sl=ar&tl=en&am p;twu=1&u=http://s3.amazonaws.com/timelin eremoval/index.html?wall&9e99t

I strongly suggest you don't visit that link unless you fancy spending the rest of your Bank Holiday disinfecting your computer...! (or worse, divulging your Facebook password & list of contacts to person(s) unknown.)

 

If you want to stay secure when clicking blind through a shortlink, if the link is a bitly.com / bit.ly link just add the "+" symbol to the end of the URL (e.g. http://bit.ly/abc123+ , where the original URL ended abc123). For TinyURL, you can enable a cookie-based interstitial preview page feature from the TinyURL site, http://tinyurl.com/preview.php, which I highly recommend (some webpage-based scams will attempt to autoredirect you to a shortened URL when you visit the first page, this has happened to me before).

I also recommend you report this to Amazon AWS as an abuse of their hosting services, details for that are at the bottom of http://portal.aws.amazon.com/gp/aws/html-forms-controller/contactus/AWSAbuse.

Leave a Reply