“My name is Michael Westen. I used to not send spam.”
If you don’t recognize the (modified) quote, you probably are not someone who watches the USA Network show “Burn Notice,” the main character of which is a man named Michael Westen, who used to be a spy. It’s an interesting show, about which I might go into further later, but the reason I’m posting this now is that a Facebook spammer apparently got a hold of USA’s account and started sending links to everyone following their shows. The link was obviously not legit, both because of the post content, and because all USA shows were posting similar messages at the same time (none of which were related to their actual shows).
Out of curiosity, I decided to investigate the comments people were posting to the obviously spammy link (however it should be noted that I did not click said link). I wasn’t able to get many because, to their credit, either Facebook or USA figured out pretty quickly that someone else had gained access, and they removed the offending posts. All comments on the posts in question (on all the shows’ pages) vanished as well, but here are a few that I found amusing and was able to copy here before the spammy post on the Burn Notice page got “blacklisted.”
- No worries. Michael and Fiona will find the spammers and take care of them.
- will it show my trigger happy ex-girlfriend and family too, if I’m desperate?
- yea, michael can finally find who burnt his profile
- click it [repeated 290 times (literally)]
- VO: The thing you have to keep in mind about Facebook is there are phishers and spammers.
- Oh, Michael. Tell Fi to get the C-4. We’ve got spammers to teach a lesson to.
- Agents are always careful of passwords and security. Once an agency has been hacked you can no longer trust any data recovered. USA has been Burned!!!
In the same spirit, here’s my response to the initial spam post. Imagine it as a voice-over from Michael Westen, and feel free to let me know what you think (if you even know what I’m talking about).
Social networks are great places for “social engineering” attacks because people inherently trust messages they think are coming from their friends. Post a message with a link claiming to show them who’s viewing their profile, and their curiosity might just get the better of them. If that link sends them to an attack site which steals their login data, it can resend it to all their friends and the cycle continues. It relies on people being more curious than they are attentive, because as most people actually know: if it sounds too good to be true… …it probably is.
Originally published at myfaultgeek.com. Please leave any comments there.