VK freebies or password exchange for stickers

You all know about such an abstract thing as a "freebie."



The opportunity to get something for free, even something unnecessary, draws entire forums of like-minded people on the Internet. Some of these offers require some action, such as registering, taking tests, or entering data. For the most part this is a mutually beneficial exchange both for the company (it obtains data on its target audience) and for the person (a free knickknack). But in some cases people provide a lot of personal data in exchange for a magnet / mug / notepad. And this data can be used.

VK stickers are a fun thing, aren't they? Pretty one-word answers, drawn as pictures, that you can reply with in dialogues. Many people spend money to get stickers, and some get them for free, and it is exactly the opportunity to get stickers for free (which you will rarely use?) that captivates them.


Today I received a message from one of my friends about the possibility of getting free stickers.

When you message the bot, it replies that you should leave a like and then send it a message. We try just sending it a message.

It went through. Now it asks us to send a message to 15 friends and then write to it. We try just writing to it.

It writes that we are cheating, but we understand that a bot cannot read our messages without confirmation via the VK API and without being granted access rights, so we try just writing “Completed” and, hurray, all that remains is to follow an obscure link and get the stickers. Picked up the dough.

Following the link, after the redirects, we land on a well-made, nicely designed website that offers to log in via VKontakte in order to finally receive the coveted stickers.

Clicking the button takes you to a page with a modal login window and a favicon taken from VKontakte. An attentive user will notice the wrong address in the address bar, and the fact that we were already logged in to VK.

Also, to stop the curious, the context menu and text selection are disabled.

The data is sent in a POST request to the same address.
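
The signs noted above (a VKontakte favicon on a non-VK address, a password form that POSTs back to that same address, a disabled context menu and selection) can be checked mechanically. The following Python check is an added example, not code from the original post; the host free-stickers.example, the sample HTML, the favicon URL and the indicator names are constructed, and it assumes the favicon is loaded from vk.com and that inspection is blocked with inline handlers.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

BRAND_DOMAIN = "vk.com"  # assumption: the brand being impersonated
# Constructed sample modelled on the page described above; the host is hypothetical.
SAMPLE_URL = "https://free-stickers.example/login"
SAMPLE_HTML = """<head><link rel="shortcut icon" href="https://vk.com/favicon.ico"></head>
<body oncontextmenu="return false" onselectstart="return false">
<form method="POST" action=""><input type="password" name="pass"></form></body>"""

class _Scan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.icons, self.pw_forms, self.blocked, self._form = [], [], set(), None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        self.blocked |= {"oncontextmenu", "onselectstart"} & a.keys()  # inspection blockers
        if tag == "link" and "icon" in a.get("rel", "").lower():
            self.icons.append(a.get("href", ""))
        elif tag == "form":
            self._form = (a.get("action", ""), a.get("method", "get").lower())
        elif tag == "input" and self._form and a.get("type", "").lower() == "password":
            self.pw_forms.append(self._form)  # this form collects a password

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

def _host(base, ref=""):
    # Resolve ref against the page URL; an empty action means "same address".
    return urlparse(urljoin(base, ref)).hostname or ""

def _is_brand(host):
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

def phishing_indicators(page_url, html):  # -> sorted indicator names
    page_host = _host(page_url)
    if _is_brand(page_host):
        return []  # served by the brand itself
    scan = _Scan()
    scan.feed(html)
    checks = {
        "brand_favicon_on_foreign_host": any(_is_brand(_host(page_url, i)) for i in scan.icons),
        "inspection_blocked": bool(scan.blocked),
        "password_post_same_host": any(
            m == "post" and _host(page_url, act) == page_host for act, m in scan.pw_forms),
    }
    return sorted(name for name, hit in checks.items() if hit)
```

A password form posting to its own host is normal on any site, so that indicator only means something together with the other two.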


We go to the meeting to which we were sent a link.

The links point to the real "Coca-Cola" page, while the organizer of the meeting is an unrelated closed group. But everything is dressed up more than plausibly.

What we have:

More than 15,000 views of the post and more than 3,400 people who liked the post, which means they wrote to the bot.

Perhaps this is the largest VK data leak this year. I have already written to support and am waiting for an answer.

UPD: I wrote to support, and about 15 minutes later:

image

Any conclusion? There isn't one. Recalling Mavrodi's famous phrase, people who take a lax attitude to their own security will never run out, so one can assume there will be many similar groups. As for protection, it is enough to remember the venereologist's words: watch what you are entering and where.

UPD 2 (in response to comments): Computer security literacy can and should be covered, because juvenile idiot "cool hackers" will always be around, while questions of hacking are always hushed up. People need to know how they can be hacked. And I hope the number of such questions will then go down.

Source: https://habr.com/ru/post/415309/

