Phony Robin Williams Phone Video Posts on Facebook

There are times when you find the efforts of cybercriminals both amusing and annoying, and then there are times when your contempt for these villainous creeps really gets to you.

The recent and tragic death of actor and comedian Robin Williams shocked the world. Most people strongly feel that the man should be allowed to rest in peace and his family allowed to grieve privately. Yet, a basic respect for life and death seems to be lacking in the mind of the vast majority of cybercriminals.

For a while, Facebook has been the focus of cybercrime activity. What better way to target the unsuspecting masses, than posting fake sensational news articles, videos, and headlines with links to malicious code and unwanted apps?

This week, CYREN observed once again the world of the cybercriminal and Facebook colliding when a fake news feed post appeared purporting to have insight into this beloved actor’s passing. When users clicked on the link, they were told that in order to view the video, they first needed to “like” the link, thus giving more credibility to the video and helping it to spread further on the social network. Of course, no such video existed, and instead, users were redirected based on the device they were using. 

Mobile users were redirected to a variety of different apps on the Google Play Store. (CYREN suspects that the redirects provided some affiliate revenue for the news feed creator.) The apps themselves were from generally reputable companies.

PC users who clicked like were offered “VideoPerformer”, a video player that also downloads adware or toolbars—unwanted, but not malware.

Having gotten much better at detecting malicious and fake content, within a few hours Facebook had erased all the posts.