Facebook comments sections on Buzzfeed, ESPN, and Huffington Post articles have become a popular target for scammers spreading links to spyware and adware, including tech support scam pages, in recent months.



Figure 1. Facebook comment on Buzzfeed promoting free movies

Widely read articles promoting popular shows like The Walking Dead, celebrities like Jennifer Lawrence and Amy Schumer, and sporting events like the NBA Finals and the Women’s World Cup have been targeted.

There’s no such thing as free

The scam comments on these articles claim to offer free access to movies that have recently been released in theaters like Jurassic World, Minions, Terminator Genisys, and Ant-Man. The idea of being able to watch a high-definition version of a movie currently in theaters is used as a lure that scammers hope will pique the curiosity of people reading the articles.



Figure 2. Facebook comments on ESPN promoting free movies

If a user clicks on one of these links, they’re redirected to a site that claims to host the advertised movies. And people are clicking these links; one link that claimed to let users watch Ant-Man for “free” received nearly 5,000 clicks. Attempting to play the video results in a redirect through a site called AdCash, an international advertising network that has been known to host malicious advertisements. In this case, the site redirects users to known technical support scam sites.



Figure 3. Watch Ant-Man for free? Not quite

Improving upon technical support scams

Technical support scams aren’t new. Back in 2010, we detailed how these scammers were cold calling people. Nowadays, the scammers no longer cold call. Instead, they buy up ads and use scare tactics to convince victims to grant them access to their computers. These scare tactics may include a pop-up that claims that a virus has been detected on the compromised computer or device, or that the computer or device’s operating system has crashed. The pop-up may also include fake information about how the victim can solve the problem.

The AdCash redirects, mentioned previously, lead to technical support scams not only for Windows systems, but also for Apple’s Mac OS X computers and iPhones.



Figure 4. Fake Apple support warning message on fake Apple website



Figure 5. Fake Apple iOS Crash warning

In addition to a graphical warning message, one website loaded an .mp3 with an “Important security message” advising the user to call the number on the website to be guided on how to remove the “adware, spyware, virus” from the computer.

We've included the .mp3 file of the fraudulent security message in this blog to further help people identify the scam.


Faking pages and editing comments

While investigating this particular scam, we observed a few interesting tactics that scammers used. First, the original comment posted to Buzzfeed, ESPN, or Huffington Post was scam-free. Five to ten minutes after posting the original comment, the scammers would edit their comment and include the blurb about free movies along with links to those movies. This may have been done to evade some automated spam filters.



Figure 6. Comments edited by the scammers, perhaps to evade filters
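
The edit-after-posting tactic described above only works if a comment is checked once, at posting time. The following Python example, added here and not taken from the original post or from any Facebook tooling, re-evaluates comments on every edit and flags those that were posted without a link and gained one shortly afterwards. The comment schema, the 30-minute window, the keyword list, and the sample data are all assumptions.

```python
import re
from datetime import datetime, timedelta

URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)
# Assumed lure keywords, based on the wording of the scam comments described above.
LURE_RE = re.compile(r"\b(?:free|watch|movies?)\b", re.IGNORECASE)

def extract_urls(text):
    """Return URL-like tokens in a comment, lowercased, trailing punctuation stripped."""
    return {u.rstrip(".,;:!?)").lower() for u in URL_RE.findall(text)}

def flag_edited_link_comments(comments, window=timedelta(minutes=30)):
    """Flag comments posted without a link that gained one in an edit made
    within `window` of the original post. `comments` is a list of dicts:
    {"id": str, "revisions": [(datetime, text), ...]} (hypothetical schema)."""
    findings = []
    for comment in comments:
        revisions = sorted(comment["revisions"])
        posted_at, original = revisions[0]
        if extract_urls(original):
            continue  # the link was already visible to a filter running at post time
        for edited_at, text in revisions[1:]:
            added = extract_urls(text)
            if added and edited_at - posted_at <= window:
                findings.append({
                    "id": comment["id"],
                    "delay_minutes": (edited_at - posted_at).total_seconds() / 60,
                    "added_urls": sorted(added),
                    "lure_words": bool(LURE_RE.search(text)),
                })
                break
    return findings

# Constructed sample data; the date is arbitrary and .example domains are reserved.
T0 = datetime(2015, 7, 20, 12, 0)
SAMPLE = [
    {"id": "c1", "revisions": [(T0, "Great article, thanks for sharing!"),
        (T0 + timedelta(minutes=7), "Watch Ant-Man free in HD: http://movies.example/ant-man.")]},
    {"id": "c2", "revisions": [(T0, "Cant wait for the finals"),
        (T0 + timedelta(minutes=2), "Can't wait for the finals")]},
    {"id": "c3", "revisions": [(T0, "Recap here: https://news.example/recap"),
        (T0 + timedelta(minutes=5), "Full recap here: https://news.example/recap")]},
    {"id": "c4", "revisions": [(T0, "Nice write-up"),
        (T0 + timedelta(days=2), "Nice write-up, more at www.blog.example")]},
]

for finding in flag_edited_link_comments(SAMPLE):
    print(finding)
```

Only c1 is flagged: c2 is a typo fix, c3 carried its link from the start, and c4 was edited outside the window.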

Lastly, the scammers used fake Facebook accounts as well as Facebook pages. We found that many of the likes and comments on these posts originated from Facebook pages because pages have the ability to interact and participate.



Figure 7. Fake Facebook page set up as a “Concert Venue”

For example, one of the commenters on an ESPN article turned out to be a Facebook page for a concert venue.

Be skeptical of “free stuff”

If you’re an avid follower or reader of any of these popular websites, watch out for comments advertising anything for free. Even if people like the posts or leave positive comments about them, more often than not it’s a scam.

Finally, if you receive an alert or warning that your computer is infected with malware and that you need to call a toll-free number to have someone fix it, don’t call the number. These types of scammers aren’t really technical support agents and will try to upsell you on a clean-up service. Don’t buy into this. Instead, use reputable security software and be sure your operating system and software applications are fully patched and up-to-date.