 | |
| |
| 26 May 2010 | |
| Win 7 Ultimate 64-bit. SP1. 1,236 posts | MS Threat Research & Response Blog Quote: Let’s Celebrate Best Buy's 20th Anniversary Last week, I was checking my Facebook account and noticed I had an Event Invitation from a fellow security researcher. Very intriguing. This friend is a world traveler and doesn’t currently reside in the United States, but the Event Invitation was for a Free $1000 "Best Buy gift card to celebrate Best Buy’s 20th Anniversary". Alarm bells started ringing and I knew it had to be a scam. But let’s take a look...  There was no reason I could think of why they would use a ******* URL unless they didn’t want people to notice right away that it wasn’t a Best Buy site. This way, people are forced to click through. (There are good reasons for using *******. For example, a medium such as Twitter restricts the size of your entry. Or you have a legitimate need to obfuscate the URL.)  The first thing I noticed was: "AmazingFreeRewards.com is not affiliated with Best Buy®, Inc." ALL of the links on this page return you to this page, except for the Gift Status link that requires a login, a login that you would create if you followed the process through to that point. Thus, there is no Privacy Policy nor any other information available. But if you enter a ZIP code, you will be transported to…  All the links here react similarly as the previous page (see tabs; returns or requires login). But look at all the information they want. Those are many data items that qualify as Personally Identifiable Information (PII) for which a Privacy Policy is required because there are legal ramifications for their inadvertent dispersal. (I hesitate to call them legal protections as all we get is notification.) Let’s Celebrate Best Buy's 20th Anniversary - Microsoft Malware Protection Center - Site Home - TechNet Blogs |
My System Specs | |
| 26 May 2010 | |
| Windows 7 Ultimate 32bit SP1 7,143 posts | Excellent post!  Quote: There was an Event on Facebook. Friends are giving up their friends' personal data by RSVPing to the offer. Almost 10,000 people gave this company all their Facebook info about themselves and their friends. This company has possibly accumulated over one-third of a million email addresses for its future spam campaigns, or perhaps it plans to sell the list to other spammers. Such a list is worth more than a couple thousand dollars. Pretty good returns for the creation of a Facebook Event. |
| My System Specs |
 |
MS Threat Research & Response Blog problems?
« Report: Facebook caught sharing secret data with advert
|
Visual Studio 10 will compile native MacOSX, iPhone and iPad code »
| Thread Tools | |
| Similar help and support threads for: MS Threat Research & Response Blog | ||||
| Thread | Forum | |||
 SSD Research help | Hardware & Devices | |||
| Win 7 research | General Discussion | |||
| Microsoft Research AutoCollage | Music, Pictures & Video | |||
| Permission Research virus | System Security | |||
All times are GMT -5. The time now is 09:08 PM.
