With over 400 million monthly active users, Instagram is one of the most popular mobile applications. Symantec is warning users to be skeptical of unsolicited likes or follows from fake profiles.
Senior Security Response Manager, Satnam Narang posted a comprehensive blog where he observed a steady increase of these fake profiles that use photographs stolen from legitimate profiles, feature three variations to follow users, and like photos. Through these interactions, they lure users to their profiles to earn a commission through affiliate links to adult dating websites.
In November Instagram users began to notice likes and dislikes from unknown users – they may have stolen photos, use provocative and suggestive words to entice you to click on a link to meet up with them.
The link takes you to a fake landing page – usually an Affiliate program that links to a dating site.
Now on to Dropbox and Google+
Narang also blogged that Symantec has observed spammers abusing email notifications from file-hosting services such as Dropbox and social networking sites such as Google+ to evade spam filters and to drive users to adult dating websites with affiliate payout programs.
Despite the contents of the message containing a wall of text along with links, the fact that they originate from a Dropbox or goo.gl email address makes it likely to bypass spam filters.
The end game - Adult dating and webcam spam
The driving force behind the abuse of these notifications is to lead users to adult dating websites with the promise of video chats and sex. This starts with the scammers enticing users to click on the link in the body of the spam message. Once a user clicks on one of these links, they are led to landing pages that contain affiliate links or redirect users to another site using an affiliate ID. These affiliate links and redirects lead to adult dating websites.
The end goal for the scammers is to convert recipients of the spam message into users of one of these adult dating websites. If a user signs up, the affiliate is paid for this conversion. For referring a new user to the site, an affiliate could be paid between US$2 and $6 for each conversion.
The harm – increased spam, emptying of the wallet and dashed hopes.