Tag Archives: Facebook spam

Fake Promo Alert: Free Netflix access due to COVID-19 quarantine

You may have seen a couple of your friends sharing a link to an ongoing Netflix promo in which users can supposedly enjoy two free months of premium subscription, to keep everyone busy at home and in compliance with the government’s mandate for enhanced community quarantine due to the COVID-19 pandemic. It is quite tempting to those who are already getting bored. However, the promo is fake.

Netflix did not release any similar promo recently. They do have free trials but, according to their website, these are currently not offered in the Philippines.

Cyber Security Philippines – CERT, the first computer emergency response team in the country, has already released an advisory telling those who have clicked the link to update their passwords.

What does it do?

Those who fall victim to this scheme are initially redirected to a Facebook login page that shows the name of the entity you’re giving access to your social media account and the information that it would collect.

Based on the screenshot, the third-party application is called NeTflix (you’re right, it’s spelled correctly but it’s obviously not how Netflix writes its brand), with an outdated logo and a privacy policy that redirects to a certain flixflix[.]xyz domain, which is not related to the real corporate site of Netflix.

Further checking the information that this app would get from your Facebook account shows that it would only collect your name and profile picture. It also explicitly says that the app won’t post anything to your account.

If you continue and allow the app to have access to your account, you’ll be alerted by Facebook that the app logged in on your behalf. So far, at this point, we know that this malicious Netflix app can log in to our Facebook account and keep records of our name and profile picture.

If you’re purely innocent and just after the free Netflix access, you would answer the simple questions that flixflix[.]xyz (the website where you are redirected afterwards) prompts you with. Upon completion, it asks you to share this promo with your friends (at this point, you are redirected to another domain called flixa[.]xyz). This just helps spread the fake promo without you getting any access to that promised premium Netflix account.

Note that the malicious domains involved also vary from time to time. When we did our next test, the domain changed to flixu[.]xyz although the content remained the same. The IP address where all these domains are hosted belongs to Passive DNS replication revealed hundreds of malicious domains. The most recent ones are related to the Netflix scam (around 16) and COVID-19.
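The passive DNS pivot described above can be scripted for blocklist building. The sketch below is an added example, not part of the original post: the three flix* names come from the post, while the IP addresses (documentation ranges), the other rows and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed passive-DNS rows (domain, resolved IP). Only the three flix*
# names appear in the post; the IPs are RFC 5737 documentation addresses and
# the remaining rows are made up for this example.
PDNS_ROWS = [
    ("flixflix[.]xyz", "203.0.113.10"),
    ("flixa[.]xyz", "203.0.113.10"),
    ("flixu[.]xyz", "203.0.113.10"),
    ("covid-relief-example[.]xyz", "203.0.113.10"),
    ("WWW.FlixA[.]xyz.", "203.0.113.10"),  # same host, different spelling
    ("shop.example[.]com", "198.51.100.7"),
]

def refang(indicator):
    """Normalise a defanged indicator so that duplicates collapse."""
    host = indicator.replace("[.]", ".").strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def defang(host):
    """Make a hostname safe to paste into reports and chats."""
    return host.replace(".", "[.]")

def pivot_on_shared_ip(rows, seed_domains):
    """Return {ip: sorted sibling domains} for every IP hosting a seed."""
    seeds = {refang(d) for d in seed_domains}
    by_ip = defaultdict(set)
    for domain, ip in rows:
        by_ip[ip].add(refang(domain))
    return {ip: sorted(hosts - seeds)
            for ip, hosts in by_ip.items() if hosts & seeds}

def blocklist(rows, seed_domains):
    """Seeds plus every sibling found by the pivot, defanged for sharing."""
    found = {refang(d) for d in seed_domains}
    for siblings in pivot_on_shared_ip(rows, seed_domains).values():
        found.update(siblings)
    return sorted(defang(h) for h in found)

if __name__ == "__main__":
    for entry in blocklist(PDNS_ROWS, ["flixflix[.]xyz"]):
        print(entry)
```

An IP address can also host unrelated, legitimate sites (shared hosting), so siblings found this way should be reviewed before they are blocked.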

What to do?

If you’re one of those who clicked the link and allowed access to your Facebook account, update your password ASAP. Also, make sure to remove the app from your account by going to Settings > Apps and Websites and looking for NeTflix. Tick the box next to View and edit, then click Remove.

If you have extra time, report the app directly to Facebook in the hope that they will take it down as soon as possible.

You can also report this to NBI Cybercrime Division online.

On our end, we have already reported the associated domains to security vendors for blocking. It is also best to ensure that your antivirus software is updated.

Netflix Photo Credits: adweek.com


Spicy Noodle Challenge Casualty Facebook Spam

You and your friends may have tried to do the viral spicy noodle challenge. You may have been dared by someone to record yourself while eating the spicy Korean noodles and have it posted on your Facebook account. The trend just keeps on as you tag your own circle of friends to do the same. For some, they just really want to try if they can really keep up with the challenge.

This viral activity, though, is now being used as a click-bait campaign to harvest Facebook credentials as soon as the victim tries to play the supposed YouTube video.

These attempts to get your social media accounts will have more variants in the future as long as users continue to fall victim. Awareness is the key to keeping yourself away from these attacks.


Duterte Facebook spam emerges

In just a short period of time, the newly elected president of the Philippines is making a huge noise, especially now that he’s targeting every single drug user and pusher in the country. With this recent move, it’s not surprising that his name is always in the headlines.

However, President Duterte is not only topping the headlines of various news and media outlets. Digong, as most of his supporters fondly call the president, is also a favorite of netizens making him a subject for spam-related attacks.

The latest Facebook spam that we have encountered involves Duterte. Similar to other click-bait campaigns in social media platforms, Duterte’s Facebook spam makes use of catchy photos and caption. Look at a sample screenshot below:


The spam post lures Facebook users with the promise of showing them the president’s sex video, but when clicked, it redirects them to a page that asks for their Facebook credentials. See the landing page below:


If users go on to enter their Facebook usernames and passwords, they have just handed their accounts over to the culprits.

This phishing attempt that uses Duterte is just one of the many Facebook spam posts that are now emerging online. It is best to check the sites you’re being redirected to if you have clicked on similar posts or, better yet, avoid clicking such items on your news feed.


New Facebook spam features Baron Geisler vs Kiko Matos URCC fight


To make sure you’re capturing the right audience, you have to be where they are. That’s precisely what spammers are doing. Social media is now a target platform for these people as they use viral subjects to leverage their attacks.

The recent bout between celebrities Baron Geisler and Kiko Matos has been a much talked about topic, especially on Facebook. Their URCC fight at Valkyrie last Saturday night was streamed online and a lot of netizens were following the latest updates of their fight via social media.

As with any other viral topic, spammers know how to lure netizens by using catchy and legit-looking titles and photos. Innocent netizens are then exposed to malicious content upon clicking on those spammed feeds.


We checked one of the related spam links and discovered techniques similar to those in previously reported Facebook spam. It redirects you to a page that has a video of the fight, but before you can watch it, you have to share the article to your Facebook account. This will only get your friends victimized too, as the video won’t play even after sharing it multiple times.


When we checked the homepage, all the other viral videos are there but, like the first video we investigated, the site asks you to share each one first before playing the other videos they have collected.

By the looks of the site, it seems like they are not into spreading any malicious files, but they could easily do this should they wish to. The site was most likely created for ads, where the creator/s can make money out of the number of people visiting their site.

This is just plain annoying, but how can we stop this kind of scrap over the internet? Make sure to share only articles from reliable sources. You also have to make sure that you have updated antivirus software installed on both your computer and mobile phone to block these kinds of sites. If a site is not yet blocked, report it to your antivirus support immediately so it won’t victimize others too.


Facebook Spam: Jordanian pilot burned by ISIS alive


When Fox News decided to publish and host the video showing how ISIS militants burned the captive 27-year-old Jordanian pilot Lt. Moath al-Kasasbeh to death, it instantly became viral. However, other news organizations did not follow what Fox News started as they chose to use still photos from the said video when reporting about it. YouTube promptly deleted the said video as well from their platform.

This incident prompted the Middle Eastern nation to hit back and even vow to destroy ISIS.

Because there’s a huge surge of viewers looking for the 22-minute viral video online, spammers are using it to attract traffic to their websites. Clicking on a spammed post that leverages the disturbing ISIS video may also lead to the download of malicious files or redirect users to phishing sites.

As we always say here, please refrain from clicking and sharing unfamiliar and unverified links to avoid spreading spam on your timeline and your friends’ timelines, or having your computer and devices infected with a virus.


Old Facebook spams continue to spread in 2015


It’s already 2015 and yet some Facebook users are still not aware that there’s absolutely no way that an app can show you the list of those who checked or viewed your profile, or change your Facebook skin.


These spam variants were already reported to Facebook before. The social network has also denied any claim that users can track their profile views. It even encouraged everyone to report such claims, as these might cause malware infection or other security breaches.


Also, there’s no way users can change the skin or layout color of their Facebook profiles. Again, this is another hoax that unfortunately people still fall for. Facebook will remain blue until Mark Zuckerberg says otherwise.


The next time you receive a request inviting you to change your Facebook skin or check who viewed your profile, ignore it. Or better yet, report it to Facebook directly and let your friends know as well.


Dead kid wakes up at own funeral spreads as Facebook spam


The most recent local news about a kid waking up at her own funeral in Zamboanga del Sur made the rounds in the social network landscape. The news is trending enough for spammers to leverage it in their recent click-jacking attack.

We recently stumbled upon this Facebook spam featuring similar news about a boy waking up at his own funeral. Further research leads to old news where a dead boy sat up and asked for water at his own funeral in Brazil. The news from back in 2012 was resurrected recently after a similar event happened in the Philippines and is now a hot topic online.

The spam mimics the Facebook layout with an image of the video. Users won’t be able to watch it unless they opt to like a certain page.

Make sure that you verify the links and Facebook pages before clicking and ‘liking’ them, or you may find your account spamming your friends the next time you log in.

Install antivirus software as well on the devices where you browse your social accounts to block dangerous links and downloads.


‘Facebook accounts to be permanently disabled’ spam


Looks like every week, a new variant of Facebook spam is preying on the 1.28 billion users of this social network platform. After the Facebook Chat verification scam and ‘How to get your friend’s Facebook password’ scam, a similar technique is being used in this week’s version of the same web threat.

The spammy post is asking users to register by following a list of instructions so as not to permanently disable their Facebook accounts.

The spammer posted code on Pastebin and asks users to copy it and paste it into the web browser console. Friends of the Facebook account that followed these steps are then auto-tagged in the comment section of the page where this instruction originated. The Facebook Page points to ‘FB Mark Zuckerberg’, which is obviously not the official page of the Facebook founder. The said malicious Facebook Page, per further checking, was just created on May 2 and has garnered 10,927 likes as of this writing because of this spam.



This attack is obviously small time but still, a huge number of people are still falling for it. We advise everyone to report the said post and Facebook Page to avoid further spreading the spam.


Anne Curtis’ jellyfish incident used in Facebook video spams


Anne Curtis, who plays the role of ‘Dyesebel’ in its latest remake on ABS-CBN, has been the subject of entertainment news in the last couple of days after being stung by a box jellyfish while taping the said primetime series.

While the actress has been reported to have suffered from rashes all over her body and was in pain, she’s now on the road to recovery. She even tweeted to update her fans who have been sending ‘get well soon’ messages.


However, the news may have been so popular that spammers are now leveraging it. On Facebook, a video spam with a screenshot of the actress’ body is being widely shared on numerous accounts.

Similar to the other Facebook video spams that we reported last month, the spammers are only using the trending news and videos to get users to ‘like’ their page before playing the video. In the end, the victims won’t be able to play the supposed trending video.

Facebook users are being warned to be cautious when clicking on trending video links in the social network. Also, users are advised to update their antivirus software both on their computer and on their smartphones/tablets to continuously protect them from all types of web threats. If you don’t have an antivirus yet, download Titanium Maximum Security (for Windows; for Mac) or Trend Micro Mobile Security (for Android; for iOS).

Disclosure: The author works for Trend Micro but this blog is not connected to the company in any way, nor do they have control over the articles that are published.


Facebook video spams trick users to ‘like’ certain Facebook Pages


Almost everyone has a Facebook account. With the availability of data connection on almost every device nowadays, we can now easily share news without having it verified. These shared statuses may come in the form of text, pictures and even videos. And because we’re all curious about almost everything, spammers are leveraging this innate curiosity on Facebook by creating catchy, controversial hoax videos.

As spammers are now getting sophisticated in their techniques, using interesting hoax videos to lure users into ‘liking’ and ‘sharing’ their page is easier than creating a traditional spam mail, which will just be detected by all the top antivirus software.


How does it happen? Spammers share a catchy video on Facebook. Users then check it out by clicking on it. It leads them to a fake website where they’re supposed to play the video. But before doing so, users are asked to ‘like’ a certain Facebook Page and ‘share’ the video on their timeline. In the end, users won’t be able to play the video. Only then do they realize that they’ve just been spammed.

Using the social network platform as a channel to propagate malicious threats is the new way of spamming online. Imagine getting hundreds of new and active Facebook users daily as your page’s subscribers by just leading them to a trending fake video. That’s flawless!


The only way spammers could get caught using this technique is when users report their malicious pages and activities to Facebook, and when the top security software companies block the associated links on the fake videos.

Disclosure: The author works for Trend Micro but this blog is not connected to the company in any way, nor do they have control over the articles that are published.
