Spam Campaigns Abound on Tumblr

CLEARWATER, Fla., June 7, 2012 /PRNewswire/ — GFI Software today released its VIPRE® Report for May 2012, a collection of the 10 most prevalent threat detections encountered last month. In May, GFI threat researchers observed a number of attacks focused on Tumblr® users including two spam campaigns centered around a fake “Tumblr Dating Game” which lead to surveys, fake advertising spam asking for personally identifiable information in exchange for ad revenue generated by the victim’s tumblelog, and a phishing site posing as the Tumblr login page. Cybercrime campaigns were also seen targeting Google PlayTM users searching for AndroidTM apps.

“Tumblr continues to be a site that is well-trafficked by cybercriminals looking to victimize micro-bloggers with minimal effort,” said Christopher Boyd, senior threat researcher at GFI Software. “More and more, cybercriminals are exploiting the familiarity of terms and images in order to distract the victim from the dangers that are present as they sign away their personal information and click on links that lead to nothing but trouble.”

Multiple rounds of spam were encountered on Tumblr during May which directed users to a phony dating site that included pop-up ads meant to generate cash for the spammers whenever a user unwittingly signed up. The fake dating site and the spam that directed users to it were rife with pop culture references including internet memes and an allusion to a slogan used by the British government during WWII which has become a popular catchphrase in recent years. These references were meant to fool potential victims into thinking the sites were legitimate and associated with internet content that they viewed as familiar.

Elsewhere, shoppers at Google Play looking for Android apps, e-books, movies and music files were faced with a large number of spam applications designed to lure users into installing them by exploiting the brand recognition of popular movie franchises, musicians, video games and stores. Each of the malicious apps spammed the victim’s mobile device with surveys and advertising offers while failing to perform functions as advertised.

Leave a Reply