Incident Response, TDR, Threat Management

Scammers exploit interest in NBA finals to spread Facebook spam

Share

As the end of the National Basketball Association (NBA) season approaches, security researchers are warning Facebook users about a spam campaign thriving off of mounting interest in the final games.

Satnam Narang, a security response manager at Symantec, started to see on Sunday a malicious campaign consisting of messages falsely advertising free streaming videos of this week's live finals.

The spam also includes a link to a Tumblr page hosting the “live streams,” where users are instead asked to install a Facebook application called “NBAFinals.” This app asks users to access their Facebook profile information, including their friends list and email address – and even posts messages on their timeline, further spreading the spam.

Scammers make money from the campaign by redirecting users from the Tumblr page to a plugin install page where affiliate advertisers track traffic.

According to Symantec, Tumblr has removed the pages used in the scams. The security firm also reported the campaign to Facebook.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.