A message on Facebook that appears to be from a person in the user’s friend list, invites people to click on a link that is supposed to show a video of two little human-like creatures. Many users trust the link since it has been sent from a friend, and get trapped into a survey scam.
Users Asked to Complete an Online Survey
Cyber crooks constantly try to figure out new topics that would help them attract more users into their scams. This time they have chosen an image of a person that seems to examine two small creatures with human looks. Additionally, the hackers provided information that is used to lure the regular user into clicking on the picture. They point out that that the humanoids are 12 inches big, which makes the story quite catchy. Actually the two human-like creatures are sculptures, and the alleged “scientist” that seems to expect them is nothing but the artist himself.
Hoax-slayer reveals that the moment the user accesses the URL, he gets redirected to a fake Facebook page that is seemingly full of messages from other people who saw the video. But if you take a closer look to the page, you will discover that it is mostly full of pictures and not actual content. The last part of the scam asks the user to participate in some survey just before he can actually view the video. This seems to be the actual purpose of the whole campaign.
Article Update (as of October 6th, 2015)
Why Is The Small Humanoids Scam So Effective?
The main reason the Facebook Scam is so effective is in the cleverness of its design. It mainly involves a picture with a play button that resembles an actual video in Facebook. However do not be fooled because Facebook provided videos are likely to run automatically without sound without pressing any play button on them.
When users click on the scam it may redirect them to a third-party site, that may extort them to complete a ‘quick’ online survey in order to watch the video.
What is worse, users are being asked to fill the survey on a third-party domain. Suspicious third-party sites are also known to conduct online scam attempts, insert tracking technologies like cookies on the user PC and even infect the user PC with malware.
The reported domain associated with the scam, containing the survey may only be one, however there may be other domains that prompt different actions in order to watch the video, such as the Facebook Virus, called Youtube Ex, for example.
This particular scam may also involve the install of replica files of video plugins such as java or adobe flash player. Before you install a file, always make sure you scan it with you anti-malware software so that you identify whether or not it is dangerous or not for your system. Some replicas may either contain adware programs that administer heavy advertised content. It may also contain malware that may infect your device and either delete your data, steal it or extort you for it.
What is even worse is that the scam may also redirect to domains which infect smartphones too. What it may do to a phone varies, depending on what it is designed to do. Some malicious sites collect information regarding the type of device so they ca provide relevant ‘plugin’.
- Obtain the contact list of the user.
- If the device is running with different Apple, Google or Microsoft accounts, it may collect their credentials.
- Collect saved passwords in the device itself.
- Obtain all of the device’s chat logs (Meessages from apps, SMSs, etc.).
- Tap into the device’s hardware (Microphone, Bluetooth, GPS, Wi-Fi card , etc.).
- Modify and manage the devce’s apps and widgets.
- Manage the phone’s sim card (conduct calls, send messages).
It really depends on the domain. Some domains that are transferred by scams such as these may be completely legitimate domains looking for a way to generate traffic on their sites. However some, may be very dangerous and this is why users are advised to always check carefully for external web links in sites such as VirusTotal or simply not to open such and to search for the same video on reputable sites such as Youtube, dailymotion or others.
What Gives the Scam Away?
Users should be extra cautious when they see “breaking news” messages sent from someone in their friends list. They should verify the source before they follow the provided links. If the sensational information is not covered by online media, you can be more than certain that the publication is only used by hackers to earn some cash.
A red flag is also the fact that there is a requirement to share the information before it has been verified. And although an online survey may seem harmless to most of the users, the cyber crooks often require personal information, for example, email address or phone number that can be provided to third parties for advertising purposes or sold to other hackers and later used in spam or phishing campaigns.
How to Remove Malware Related to The Facebook Scam?
In case you believe that you may have downloaded any file on your computer or installed any apps in your smartphone, related to the Small Humanoids Facebook scam, make sure you follow the instructions below in order to detect and remove them. What is more, you should have a relevant protection that safeguards your device before any downloaded files on it are even installed.
Also, in case your Android device has been affected by files associated with this scam, make sure to check out the tutorial for removing Facebook Viruses here. It also contains more information on what you might be dealing with
Step 1: Start Your PC in Safe Mode to Remove Small Humanoids Facebook Scam.
Removing Small Humanoids Facebook Scam from Windows XP, Vista, 7 systems:
1. Remove all CDs and DVDs, and then Restart your PC from the “Start” menu.
– For PCs with a single operating system: Press “F8” repeatedly after the first boot screen shows up during the restart of your computer. In case the Windows logo appears on the screen, you have to repeat the same task again.
– For PCs with multiple operating systems: Тhe arrow keys will help you select the operating system you prefer to start in Safe Mode. Press “F8” just as described for a single operating system.
3. As the “Advanced Boot Options” screen appears, select the Safe Mode option you want using the arrow keys. As you make your selection, press “Enter“.
4. Log on to your computer using your administrator account
While your computer is in Safe Mode, the words “Safe Mode” will appear in all four corners of your screen.
Removing Small Humanoids Facebook Scam from Windows 8, 8.1 and 10 systems:
Whilst holding down Shift button, click on Power and then click on Restart.
A menu will appear upon reboot. You should choose Safe Mode by pressing its corresponding number and the machine will restart and boot into Safe Mode so you can scan for and remove Small Humanoids Facebook Scam.