Scammers are preying on Facebook users' combined fascination of celebrities and sex to lure them to a site that steals their authentication token in order to gain access to user’s accounts, post automatic updates to their profiles and tag their friends to spread the scam.
The bait comes in the form of a nonexistent Miley Cyrus sex tape. "Miley Cyrus sex tape leaked on the Internet. Millions of men called in sick after seeing it," reads the banner on a fake, generic-looking broadcast news still.
This isn’t the first time Cyrus and “sex” have been used to scam Facebook users. A very similar headline was used to prey on members of the online community last year.
Clicking the ad leads to a page that appears to host the video "[Sex Tape] Is Miley's Career Over?" but clicking play brings up a prompt that asks for a "verification code" to prove that the viewer is not a minor.
The URL codes are usually used by developers to obtain permission for apps to access certain features and information. They’re often used by mobile app developers to access a phone’s contacts or location services. They have nothing to do with a user's age. Once the scammers have temporary access to someone's account, they can spam friends, steal personal information, impersonate the account holder and run a script to automatically post messages to further propagate the scam.
Instead of seeing a purportedly stolen, highly personal tape of the former Disney Channel star, users are taken on a sad and boring journey through quiz after quiz that evoke memories of the spammy hellscape of the early 2000s, before pop-up blockers came standard on nearly every browser. There is never any payoff, just a digital mess that the user is left to mop up.
Follow Ben on Twitter@benkwx.