Fake Government Warning Leads to Bogus Infection Pictures

“Your Photos Are being Used” Phishing Lure

We’re seeing some reports that an old favourite of scammers everywhere is currently in circulation on social media sites such as Tumblr. If you receive a message from a friend which says:


then be very careful should you happen to click the link, because you may well be sent to a fake login page.

In this case, the scammers use some Javascript to bounce the victim from a Tumblr spam blog to a fake Facebook login which they’ll need to use to see the supposed photos.

Anybody filling in their details and hitting enter will of course have their username and password sent to the attacker.

Spam blog

This sort of scam is often seen on Twitter, and regularly puts in a guest appearance or twelve on other sites.

Any urgent-sounding messages sent your way which suggest imminent personal embarrassment of some description should be treated with healthy skepticism until you’ve confirmed that a) the message is genuine and b) it really was worth saving up for a one way ticket to the Sahara desert all those years ago.

It’s very likely you’re going to be fine – however, you won’t be able to say the same for accounts being handed over to a scammer using a little shock and awe (but mostly shock) as a bait to spirit away some logins.

Christopher Boyd


Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.