The Legacy Sunbelt Software Blog

Here’s a supposed “Apple Store purchase” that has apparently been cancelled.

Click to Enlarge

I could imagine anyone feeling a little bit twitchy over a mail like that, but before you go racing off to cancel your credit cards and hide under the bed you should know that this is a total fakeout. Click the link, and you’ll be taken to a Viagra spam Wiki located at tabletrxdrugspills(dot)com:

Click to Enlarge

Not sure you can buy Viagra from the Apple Store just yet…

Christopher Boyd

Here’s a supposed “Apple Store purchase” that has apparently been cancelled.

Click to Enlarge

I could imagine anyone feeling a little bit twitchy over a mail like that, but before you go racing off to cancel your credit cards and hide under the bed you should know that this is a total fakeout. Click the link, and you’ll be taken to a Viagra spam Wiki located at tabletrxdrugspills(dot)com:

Click to Enlarge

Not sure you can buy Viagra from the Apple Store just yet…

Christopher Boyd

No matter how fun and interesting (not to mention newsworthy) Facebook is, the said social networking site has indeed become a haven to a motley of threats, from scams, to nasty apps, to phishing pages. Users who spent much of their time in there would probably be familiar with wall posts from friends or other contacts cajoling them to “see who is stalking you.”

We found a new version of such a post lurking on Facebook recently. In all respects, this “Stalker Tracker” is the same as its predecessors, from the link to where users can find it to displaying (You guessed it) surveys:

What makes this one personal, thus extra special, is not much about hinting on an unnamed “ex” but the somewhat-exciting-if-not-freaking-horrible possibility of that certain someone checking out your profile. Clicking the link found at the bottom of the spam post eventually leads users to profilespyxs(dot)info.

This website contains various other pages. It also has a redirect link to a Facebook page called “Profile Peekers” and a page designed to launch a survey. The “Profile Peekers” page has a section containing JavaScript code where visitors can readily copy from and paste into their Internet browser address bar. This code is responsible for posting the spam on walls, thus, spreading the scam further.

What sets this survey scam apart from the rest of its kind is the way it presents the survey to users. The initial page looks normal:

…until a second splash window is displayed so it sits on top of the first one.

So, what’s the implication of this one to unwary users? More money for the scammer and no reward of putting to rest the thought of whether an ex is viewing profiles or not. In other words, it’s plain ‘ol cake.

All this talk about stalkers and stalking on Facebook is not really a new thing. It was exactly two years ago when Gawker and a popular Facebook-centric site explored the possibility of stalking and wrote about it, which most certainly caused panic to users. The said social networking site had been quick to fix the matter, as one CNET report revealed, rendering the hacks in these sites ineffective and obsolete. Having said that, scams about stalking continue to be popular where Facebook is concerned—as you can see.

Since scams, spams, and other trickeries making rounds on Facebook are growing at an exponential rate, users must make an effort now to educate themselves about them in order to avoid being victims. Help yourself. Then, help your contacts by letting them know about these, too.

Jovi Umawing (Thanks to Christopher Boyd for additional research)

No matter how fun and interesting (not to mention newsworthy) Facebook is, the said social networking site has indeed become a haven to a motley of threats, from scams, to nasty apps, to phishing pages. Users who spent much of their time in there would probably be familiar with wall posts from friends or other contacts cajoling them to “see who is stalking you.”

We found a new version of such a post lurking on Facebook recently. In all respects, this “Stalker Tracker” is the same as its predecessors, from the link to where users can find it to displaying (You guessed it) surveys:

What makes this one personal, thus extra special, is not much about hinting on an unnamed “ex” but the somewhat-exciting-if-not-freaking-horrible possibility of that certain someone checking out your profile. Clicking the link found at the bottom of the spam post eventually leads users to profilespyxs(dot)info.

This website contains various other pages. It also has a redirect link to a Facebook page called “Profile Peekers” and a page designed to launch a survey. The “Profile Peekers” page has a section containing JavaScript code where visitors can readily copy from and paste into their Internet browser address bar. This code is responsible for posting the spam on walls, thus, spreading the scam further.

What sets this survey scam apart from the rest of its kind is the way it presents the survey to users. The initial page looks normal:

…until a second splash window is displayed so it sits on top of the first one.

So, what’s the implication of this one to unwary users? More money for the scammer and no reward of putting to rest the thought of whether an ex is viewing profiles or not. In other words, it’s plain ‘ol cake.

All this talk about stalkers and stalking on Facebook is not really a new thing. It was exactly two years ago when Gawker and a popular Facebook-centric site explored the possibility of stalking and wrote about it, which most certainly caused panic to users. The said social networking site had been quick to fix the matter, as one CNET report revealed, rendering the hacks in these sites ineffective and obsolete. Having said that, scams about stalking continue to be popular where Facebook is concerned—as you can see.

Since scams, spams, and other trickeries making rounds on Facebook are growing at an exponential rate, users must make an effort now to educate themselves about them in order to avoid being victims. Help yourself. Then, help your contacts by letting them know about these, too.

Jovi Umawing (Thanks to Christopher Boyd for additional research)

Click to Enlarge

Facebook is a strange place to be for Bin Laden. It seems you’re fated to be alive and dead at the same time, thriving like a kind of Schrodinger’s terrorist in an effort to generate affiliate cash for people who should really know better.

This time around, he’s alive and would like nothing better than for you to visit profilespyx(dot)com and fill in a survey.

Click to Enlarge

If you don’t want to fill in a survey, you can roll with the “Pay with a tweet” button, which lets you see the content in return for using the button to post a link on Twitter.

Whether you do that or “Get your Gucci on”, you’ll be directed to the content you’ve been waiting for. And by “content you’ve been waiting for”, I mean “random Youtube video from 2009”.

I guess Osama IS still alive, assuming you pretend you’re living two years ago – otherwise you’re probably going to be rather disappointed by this whole affair. The closing advice for this one is the same advice that could go at the end of all similar Facebook scams: “Don’t bother”.

Christopher Boyd

Click to Enlarge

Facebook is a strange place to be for Bin Laden. It seems you’re fated to be alive and dead at the same time, thriving like a kind of Schrodinger’s terrorist in an effort to generate affiliate cash for people who should really know better.

This time around, he’s alive and would like nothing better than for you to visit profilespyx(dot)com and fill in a survey.

Click to Enlarge

If you don’t want to fill in a survey, you can roll with the “Pay with a tweet” button, which lets you see the content in return for using the button to post a link on Twitter.

Whether you do that or “Get your Gucci on”, you’ll be directed to the content you’ve been waiting for. And by “content you’ve been waiting for”, I mean “random Youtube video from 2009”.

I guess Osama IS still alive, assuming you pretend you’re living two years ago – otherwise you’re probably going to be rather disappointed by this whole affair. The closing advice for this one is the same advice that could go at the end of all similar Facebook scams: “Don’t bother”.

Christopher Boyd

Ah, Tumblr. It calls itself a microblogging site but it’s not exactly like Twitter, nor is it a Facebook or a YouTube. It does a little bit of all three, actually, and for many Tumblr is in a league of its own.

What makes this site so awesome is its Reblog feature, where it allows users to post content—from text, images, videos, links, and audio files—to their own Tumblr walls with the greatest of ease. Reblogged posts are displayed in a way that shows a link to the content source (if specified) and the name of the Tumblr account where the post was reblogged from. Clicking a post allows one to view the number of people who overtly liked the post and who reblogged it from whom.

Such quick and efficient sharing normally does not exceed two clicks on a mouse—a function already being implemented by both Twitter and Tumblr—it is fairly easy for anyone to cook up something phony and tell everyone all about it. And as we all know, phony posts can spread like wildfire. Fake viral posts can be popular on social networking sites, which don’t have an easy reblog functionality (see the Simon Ashton spam posts from 2009), making a service like Tumblr a prime target for scams and viral spam.

Case in point, we recently came across a Tumblr post claiming to have originated from the Tumblr staff’s own blog. The post said something like this:

Tumblr is testing for inactive blogs so the URLs can be deleted and reused by new members In order to not lose your blog, you must reblog this post so that your name will be on the safe list.

Thank you for your cooperation,
David Karp, CEO

Notice how many times this had interacted with in some way—137,848 notes (which includes both comments and reblogs)—and it is still very much being passed around as we speak. Many of the original posts have since been deleted, but it’s going to keep coming back to life for a while.

Thankfully, some users figured out this scam sooner, but those individuals were firmly in the minority. Even then, those users had to reblog the message so they could leave their “This is fake” comment—a Tumblr restriction, you usually have to reblog to leave a comment—which doesn’t exactly help matters:

Clicking the source link found below the post actually leads to a short thank-you post for the community’s contribution to Tumblr’s own Japan relief efforts, not a “Dear John” note from David Karp himself. Just when you think you’re trying to be helpful, right? Well, it’s 100% fake.

Using Google to have an estimate of how many of these posts are currently floating around on Tumblr yields a number by the thousands still, which is sad indeed.

Pro tip: Never panic over something you have not checked the validity of first. This, I think, has become an unspoken universal rule that applies to everything you see and read online, because it is foolish to do otherwise.

We urge you to be wary of such scams and always check the original source.

Jovi Umawing

Ah, Tumblr. It calls itself a microblogging site but it’s not exactly like Twitter, nor is it a Facebook or a YouTube. It does a little bit of all three, actually, and for many Tumblr is in a league of its own.

What makes this site so awesome is its Reblog feature, where it allows users to post content—from text, images, videos, links, and audio files—to their own Tumblr walls with the greatest of ease. Reblogged posts are displayed in a way that shows a link to the content source (if specified) and the name of the Tumblr account where the post was reblogged from. Clicking a post allows one to view the number of people who overtly liked the post and who reblogged it from whom.

Such quick and efficient sharing normally does not exceed two clicks on a mouse—a function already being implemented by both Twitter and Tumblr—it is fairly easy for anyone to cook up something phony and tell everyone all about it. And as we all know, phony posts can spread like wildfire. Fake viral posts can be popular on social networking sites, which don’t have an easy reblog functionality (see the Simon Ashton spam posts from 2009), making a service like Tumblr a prime target for scams and viral spam.

Case in point, we recently came across a Tumblr post claiming to have originated from the Tumblr staff’s own blog. The post said something like this:

Tumblr is testing for inactive blogs so the URLs can be deleted and reused by new members In order to not lose your blog, you must reblog this post so that your name will be on the safe list.

Thank you for your cooperation,
David Karp, CEO

Notice how many times this had interacted with in some way—137,848 notes (which includes both comments and reblogs)—and it is still very much being passed around as we speak. Many of the original posts have since been deleted, but it’s going to keep coming back to life for a while.

Thankfully, some users figured out this scam sooner, but those individuals were firmly in the minority. Even then, those users had to reblog the message so they could leave their “This is fake” comment—a Tumblr restriction, you usually have to reblog to leave a comment—which doesn’t exactly help matters:

Clicking the source link found below the post actually leads to a short thank-you post for the community’s contribution to Tumblr’s own Japan relief efforts, not a “Dear John” note from David Karp himself. Just when you think you’re trying to be helpful, right? Well, it’s 100% fake.

Using Google to have an estimate of how many of these posts are currently floating around on Tumblr yields a number by the thousands still, which is sad indeed.

Pro tip: Never panic over something you have not checked the validity of first. This, I think, has become an unspoken universal rule that applies to everything you see and read online, because it is foolish to do otherwise.

We urge you to be wary of such scams and always check the original source.

Jovi Umawing

If you want to see the coolest retrieval of a stolen laptop ever, then congratulations because here comes Christmas.

Some not-safe-for-work language, but oh my – what a story.

Christopher Boyd

If you want to see the coolest retrieval of a stolen laptop ever, then congratulations because here comes Christmas.

Some not-safe-for-work language, but oh my – what a story.

Christopher Boyd

If you happen to go looking for Chaka Khan information (and come on now, who wouldn’t be doing that) then the first result you’ll see in Google is the Official Chaka Khan website. Unfortunately there’s a message from Google added to the listing: “This site may be compromised”.

Google has this to say about that particular notification:

“This site may be compromised” and “This site may harm your computer” warnings

To be clear, when our malware detection system classifies a site as potentially hosting malware, we show a “This site may harm your computer” message. When we believe a site may be hacked or compromised but have not detected malware, we display “This site may be compromised” as an alert. In both cases, our detection might not be perfect — we continually work on improving our system — but it would be wise to proceed with caution.

Not your regular “Look out, Malware everywhere” type warning – only that something may or may not have been tampered with. From the source code of the frontpage:

Click to Enlarge

You may ask yourself why lots of links to free webhosting are stuffed inside the code, and that would be a very good question. Quite a few search results exist for these links:

Click to Enlarge

If you check out the Site Advisor results for the official Chaka Khan website there’s a comment from January 19th complaining about exploits:

Followed link because of the McAfee green check-mark, and browser was immediately hijacked… it launched a different web page that was made to look like a virus scan called “av8scan”.

“AV8” would be Antivirus 8, a Rogue AV program. The links in the code currently present the user with a “Download here” splash screen, before taking them to an MP3 website:

Click to Enlarge

Elsewhere, those links in the Chaka Khan website code are being used for more general forum spam:

Click to Enlarge

If I had to guess, those links on the Chaka Khan site look like leftovers from whatever compromise potentially took place some time ago. We’ve notified the site owners, and hopefully they’ll clean things up a little bit.

Christopher Boyd (Thanks to Jovi Umawing for additional research).

If you happen to go looking for Chaka Khan information (and come on now, who wouldn’t be doing that) then the first result you’ll see in Google is the Official Chaka Khan website. Unfortunately there’s a message from Google added to the listing: “This site may be compromised”.

Google has this to say about that particular notification:

“This site may be compromised” and “This site may harm your computer” warnings

To be clear, when our malware detection system classifies a site as potentially hosting malware, we show a “This site may harm your computer” message. When we believe a site may be hacked or compromised but have not detected malware, we display “This site may be compromised” as an alert. In both cases, our detection might not be perfect — we continually work on improving our system — but it would be wise to proceed with caution.

Not your regular “Look out, Malware everywhere” type warning – only that something may or may not have been tampered with. From the source code of the frontpage:

Click to Enlarge

You may ask yourself why lots of links to free webhosting are stuffed inside the code, and that would be a very good question. Quite a few search results exist for these links:

Click to Enlarge

If you check out the Site Advisor results for the official Chaka Khan website there’s a comment from January 19th complaining about exploits:

Followed link because of the McAfee green check-mark, and browser was immediately hijacked… it launched a different web page that was made to look like a virus scan called “av8scan”.

“AV8” would be Antivirus 8, a Rogue AV program. The links in the code currently present the user with a “Download here” splash screen, before taking them to an MP3 website:

Click to Enlarge

Elsewhere, those links in the Chaka Khan website code are being used for more general forum spam:

Click to Enlarge

If I had to guess, those links on the Chaka Khan site look like leftovers from whatever compromise potentially took place some time ago. We’ve notified the site owners, and hopefully they’ll clean things up a little bit.

Christopher Boyd (Thanks to Jovi Umawing for additional research).

Amazon.com just did a very admirable thing — they admitted they had possibly mis-represented the actual quality of video delivered to me (not that I noticed or actually even cared), and they gave me a credit.

Hello,

As someone who has purchased digital movies or TV shows in high-definition (HD) from Amazon Instant Video, we wanted to provide you more information about how we deliver HD content. It is our goal to provide you an uninterrupted viewing experience without any video reloading or “buffering.” To provide you uninterrupted viewing we may lower the resolution of HD videos to standard definition during streaming playback. We do this if we detect that your Internet connection to our service may not be fast enough to support HD playback. For more information on viewing HD videos from Amazon Instant Video, please visit our Help page here: http://www.amazon.com/gp/help/customer/display.html?nodeId=200256920

Because you may not have been able to playback one of your rentals or purchases in HD quality, we have issued you a one-time Amazon Instant Video credit of $1 for each of the HD movies and TV episodes you have purchased from us for a total amount of $4. In order to apply the credit to your Amazon Instant Video account, please click here, http://www.amazon.com/instantvideo/hdcredit or copy the following link in your browser and follow the online instructions:

http://www.amazon.com/instantvideo/hdcredit

Once your credit of $4 has been successfully added to your account, it will be automatically applied to your future eligible purchases from Amazon Instant Video. Your credit will expire on May 3, 2012.

Thank you for using our service,

The Amazon Instant Video Team 

That’s truly remarkable.  Hats off to Amazon for doing the right thing.  It’s a lesson to all of us.

Amazon.com just did a very admirable thing — they admitted they had possibly mis-represented the actual quality of video delivered to me (not that I noticed or actually even cared), and they gave me a credit.

Hello,

As someone who has purchased digital movies or TV shows in high-definition (HD) from Amazon Instant Video, we wanted to provide you more information about how we deliver HD content. It is our goal to provide you an uninterrupted viewing experience without any video reloading or “buffering.” To provide you uninterrupted viewing we may lower the resolution of HD videos to standard definition during streaming playback. We do this if we detect that your Internet connection to our service may not be fast enough to support HD playback. For more information on viewing HD videos from Amazon Instant Video, please visit our Help page here: http://www.amazon.com/gp/help/customer/display.html?nodeId=200256920

Because you may not have been able to playback one of your rentals or purchases in HD quality, we have issued you a one-time Amazon Instant Video credit of $1 for each of the HD movies and TV episodes you have purchased from us for a total amount of $4. In order to apply the credit to your Amazon Instant Video account, please click here, http://www.amazon.com/instantvideo/hdcredit or copy the following link in your browser and follow the online instructions:

http://www.amazon.com/instantvideo/hdcredit

Once your credit of $4 has been successfully added to your account, it will be automatically applied to your future eligible purchases from Amazon Instant Video. Your credit will expire on May 3, 2012.

Thank you for using our service,

The Amazon Instant Video Team 

That’s truly remarkable.  Hats off to Amazon for doing the right thing.  It’s a lesson to all of us.

This is not good at all. Lastpass (the rather excellent Password management system) has potentially been compromised, and although the Lastpass team were quick to spot the shenanigans taking place they’ve advised users to change their master password (in fact, they’re intending to force password changes for all).

As the Lastpass team notes:

If you have a strong, non-dictionary based password or pass phrase, this shouldn’t impact you – the potential threat here is brute forcing your master password using dictionary words, then going to LastPass with that password to get your data. Unfortunately not everyone picks a master password that’s immune to brute forcing.

This is why you don’t set your master password to “password”. Their swift response to the possible attack is rather heartening, so kudos for that. If you weren’t using a strong master password previously, take this as the warning shot that you really should do something about it next time you login to your Lastpass account.

Update: It seems many users are having issues logging in to their Lastpass accounts since changes were made to prevent unauthorised access. Here are some tips posted by users to the Lastpass blog, these may be useful to you:

1) For all of you who are affected by the  “Your account settings have restricted you from logging in from this mobile device.” problem: I was able to login with one of my One-Time-Passwords I had generated when I set up the account. I was then asked again to change my master password, but this time I was asked for grid authentication, and after passing this the change succeeded. – Anon

2) If you get this message: An error occurred while retrieving your accounts. Close all of your browsers, clear cookies and log in again. It worked for me. – Anon

3) Ok so I got pwned by this message: “Your account settings have restricted you from logging in from this mobile device.” and had to delete and recreate my account. Here is how I did it.

– Download Lastpass pocket -> https://lastpass.com/pocket.exe
– Run pocket.exe and login using your existing username and password.
– Export your stuff to a csv file
– Delete your lastpass account -> http://helpdesk.lastpass.com/account-recovery/ (4th option)
– Recreate the lastpass account by signing in at lastpass.com
– Using your lastpass browser extension -> Tools -> Import from -> Other -> Select “CSV” from drop down
-> Copy and paste the contents of the lastpass export csv file into the window and import everything. – Owais

4) Many users are reporting being locked out after a successful password change. It seems waiting from 15 to 30 minutes then trying again is doing the trick. I imagine half their userbase just turned up at the front door, which probably isn’t the best thing that could happen.

5) The website gets stuck at the login screen, looping round forever (or until you get bored and close the tab at any rate). Get around this by logging in via the Firefox plugin – you have that installed, right? – Thanks to Kurt Wismer for that one.

Christopher Boyd

This is not good at all. Lastpass (the rather excellent Password management system) has potentially been compromised, and although the Lastpass team were quick to spot the shenanigans taking place they’ve advised users to change their master password (in fact, they’re intending to force password changes for all).

As the Lastpass team notes:

If you have a strong, non-dictionary based password or pass phrase, this shouldn’t impact you – the potential threat here is brute forcing your master password using dictionary words, then going to LastPass with that password to get your data. Unfortunately not everyone picks a master password that’s immune to brute forcing.

This is why you don’t set your master password to “password”. Their swift response to the possible attack is rather heartening, so kudos for that. If you weren’t using a strong master password previously, take this as the warning shot that you really should do something about it next time you login to your Lastpass account.

Update: It seems many users are having issues logging in to their Lastpass accounts since changes were made to prevent unauthorised access. Here are some tips posted by users to the Lastpass blog, these may be useful to you:

1) For all of you who are affected by the  “Your account settings have restricted you from logging in from this mobile device.” problem: I was able to login with one of my One-Time-Passwords I had generated when I set up the account. I was then asked again to change my master password, but this time I was asked for grid authentication, and after passing this the change succeeded. – Anon

2) If you get this message: An error occurred while retrieving your accounts. Close all of your browsers, clear cookies and log in again. It worked for me. – Anon

3) Ok so I got pwned by this message: “Your account settings have restricted you from logging in from this mobile device.” and had to delete and recreate my account. Here is how I did it.

– Download Lastpass pocket -> https://lastpass.com/pocket.exe
– Run pocket.exe and login using your existing username and password.
– Export your stuff to a csv file
– Delete your lastpass account -> http://helpdesk.lastpass.com/account-recovery/ (4th option)
– Recreate the lastpass account by signing in at lastpass.com
– Using your lastpass browser extension -> Tools -> Import from -> Other -> Select “CSV” from drop down
-> Copy and paste the contents of the lastpass export csv file into the window and import everything. – Owais

4) Many users are reporting being locked out after a successful password change. It seems waiting from 15 to 30 minutes then trying again is doing the trick. I imagine half their userbase just turned up at the front door, which probably isn’t the best thing that could happen.

5) The website gets stuck at the login screen, looping round forever (or until you get bored and close the tab at any rate). Get around this by logging in via the Firefox plugin – you have that installed, right? – Thanks to Kurt Wismer for that one.

Christopher Boyd

It goes without saying that the death of Osama Bin Laden has already generated a whole bunch of scams, malware and other junk.

Here’s another one.

Taking a cue from the “Osama shot down” video doing the rounds on Facebook are group pages pushing much the same thing. Example:

Click to Enlarge

It’s the old “paste this code into your browser” wheeze, although you’d think some of the 4,000+ people who “Liked” this would notice the code includes the word “Owned”.

Oh well.

Here’s the code:

Click to Enlarge

“Please wait 1-2 minutes without leaving the page until we process your picture”.

Call it a hunch, but I think we’re likely to see a survey pop up and see some spam posted to your Facebook profile.

Click to Enlarge

Well, there’s a shocker.

Please tell your friends not to fall for these scams (and you might want to let them know that pasting random code into their browser isn’t a great idea either).

Christopher Boyd

It goes without saying that the death of Osama Bin Laden has already generated a whole bunch of scams, malware and other junk.

Here’s another one.

Taking a cue from the “Osama shot down” video doing the rounds on Facebook are group pages pushing much the same thing. Example:

Click to Enlarge

It’s the old “paste this code into your browser” wheeze, although you’d think some of the 4,000+ people who “Liked” this would notice the code includes the word “Owned”.

Oh well.

Here’s the code:

Click to Enlarge

“Please wait 1-2 minutes without leaving the page until we process your picture”.

Call it a hunch, but I think we’re likely to see a survey pop up and see some spam posted to your Facebook profile.

Click to Enlarge

Well, there’s a shocker.

Please tell your friends not to fall for these scams (and you might want to let them know that pasting random code into their browser isn’t a great idea either).

Christopher Boyd

Whoosh!

That’s my impression of an aeroplane. Not very good, but then neither is this:

Click to Enlarge

Yes, the “two free tickets with Southwest airlines” scam from February is alive and well, bringing a “wall of shame” along for the ride in the process.

The scam goes as follows: random websites offer free tickets in return for messages posted to Facebook. Depending on who is running things, you may be directed to surveys or applications.

If you’re not logged in, the site will ask you to login with Facebook, Yahoo, AOL or Hotmail to leave a comment. At this point, you hit the “Comment” button and you end up on what is effectively a “Wall of Shame”, filled with users wondering where the tickets have got to.

Two posts in less than five minutes from one satisfied customer:

Whoops.

We tried posting to a wall, but this happened:

No free plane tickets for me, I guess.

There’s a lot of sites involved in this one, some up and some down.

swatickets(dot)info
swatickets2(dot)info
swamedia3(dot)info
611812525(dot)info
380airfare(dot)info
380airfare(dot)info
sw787(dot)info

The number of comments on each site ranges from a few hundred to a few thousand, with one clocking up 45,000+ since the site went live.

That’s very impressive, but for all the wrong reasons. Don’t fall for this.

Christopher Boyd (Thanks to Adam Thomas for finding this one).

Whoosh!

That’s my impression of an aeroplane. Not very good, but then neither is this:

Click to Enlarge

Yes, the “two free tickets with Southwest airlines” scam from February is alive and well, bringing a “wall of shame” along for the ride in the process.

The scam goes as follows: random websites offer free tickets in return for messages posted to Facebook. Depending on who is running things, you may be directed to surveys or applications.

If you’re not logged in, the site will ask you to login with Facebook, Yahoo, AOL or Hotmail to leave a comment. At this point, you hit the “Comment” button and you end up on what is effectively a “Wall of Shame”, filled with users wondering where the tickets have got to.

Two posts in less than five minutes from one satisfied customer:

Whoops.

We tried posting to a wall, but this happened:

No free plane tickets for me, I guess.

There’s a lot of sites involved in this one, some up and some down.

swatickets(dot)info
swatickets2(dot)info
swamedia3(dot)info
611812525(dot)info
380airfare(dot)info
380airfare(dot)info
sw787(dot)info

The number of comments on each site ranges from a few hundred to a few thousand, with one clocking up 45,000+ since the site went live.

That’s very impressive, but for all the wrong reasons. Don’t fall for this.

Christopher Boyd (Thanks to Adam Thomas for finding this one).