Right now there's a campaign ongoing on Facebook in which users are sent fake invitations that claim to be about "Lindsay Lohan Leaked Celebrity Sex Tape", "Lindsey Lohan Just Leaked Having a THREEWAY on Camera" or variations on this theme. Websense customers are protected with our ACE technology.
Invites using different spellings of Ms. Lohan's name exist as well, such as "Lindsey Lohan Just Leaked Sex Tape". As with a lot of malicious campaigns on Facebook that rely on social engineering (which is pretty much all of them), it's sometimes astounding to see how people can fall for them, but they do. Social engineering on a social networking site is unfortunately a powerful combination. In the following screenshot, 8 people have accepted the fake invite and 12 are maybe coming. All in all, we've seen hundreds of different invitations being sent around.
The information on each invite is not the same every time, but the common theme is that they all contain a TinyURL link which redirects to the following page:
When clicking on Login, the following popup appears, so it seems like the actual payload is not available.
While the payload is not available at the time of writing, it could be made available at any time. We will keep monitoring this and update the blog post if we see any developments.
Thanks to Fa7her for sending us this tip.
This attack was eventually changed, activated and later killed again. When it was working, it led to a page showing a video from YouTube. It also tricked the user into installing a Facebook application that, when the user chose to install it, created an event in the user's name similar to the screenshot at the beginning of this post. Lastly, it redirected the user to a survey, tricking the user into giving away personal information.