
Hacked Snapchat accounts use native chat feature to spread diet pill spam

07 Oct 14

In May, Snapchat released an update that put the “chat” into the app by allowing users to send messages. Symantec previously warned that criminals would inevitably leverage this feature in future spam campaigns and since that time, a number of Snapchat users have reported receiving chat messages and photos from their friends promoting diet pill spam.

Symantec has now released an overview of the current situation and advice for users on how they can secure their Snapchat account.

This is not the first campaign of this type we have seen. In February 2014, a number of Snapchat accounts were compromised and used to send images of fruit drinks, promoting websites called FrootSnap and SnapFroot.

The fruit-themed spam messages required users to manually visit the websites, and this extra step presented a challenge. These websites redirected to a site designed to look like Groupon.com, promoting a miracle diet solution called Garcinia Cambogia.

The latest round of Snapchat spam has seen spammers leveraging the native chat functionality instead.

The compromised Snapchat accounts send out a photo message of a box of Garcinia Cambogia, which is followed by a chat message that includes a suspicious link containing ‘groupon.com’ in the URL.
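
A link that merely contains 'groupon.com' can be told apart from a real Groupon link by looking at the parsed host rather than the raw string. The following is an added example, not code from Symantec or Snapchat: it classifies a link as genuine, lookalike or unrelated. The `.example` hosts are constructed sample data and `classify_link` is a hypothetical helper name.

```python
from urllib.parse import urlsplit

BRAND = "groupon.com"  # the brand domain named in the article


def classify_link(url: str, brand: str = BRAND) -> str:
    """Return 'genuine', 'lookalike' or 'unrelated' for a link in a message."""
    # Chat links are often sent without a scheme; add one so the host parses.
    parts = urlsplit(url if "://" in url else "http://" + url)
    # .hostname drops userinfo and port and is already lower-cased.
    host = (parts.hostname or "").rstrip(".")
    # Genuine only if the host IS the brand domain or a subdomain of it.
    if host == brand or host.endswith("." + brand):
        return "genuine"
    # Brand text present elsewhere: host label, userinfo, path or query.
    if brand in url.lower():
        return "lookalike"
    return "unrelated"


# Constructed sample links (not taken from the campaign).
SAMPLES = [
    "https://www.groupon.com/deals",             # real subdomain
    "http://groupon.com.deals.example/offer",    # brand as a leading label
    "http://groupon.com-diet.example/",          # brand glued to another label
    "http://groupon.com@deals.example/x",        # brand in the userinfo part
    "deals.example/groupon.com/garcinia",        # brand in the path, no scheme
    "http://notgroupon.com/",                    # different registered domain
    "https://news.example/story",                # no brand at all
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```
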

A link from someone that isn’t your Snapchat friend is not clickable. However, by compromising Snapchat accounts, spammers are able to insert clickable links into their messages based on who the compromised account is friends with.

Snapchat issued a statement saying that the accounts promoting these miracle diets were compromised. Snapchat said that credentials, obtained through a breach of another website, were reused on Snapchat accounts. Snapchat claims that these accounts were compromised because certain users reused the same password on multiple websites.

Secure your Snapchat account
There is no denying that password reuse is problematic and users should never use the same password for multiple sites; however, passwords by themselves are not enough. Some social networks have introduced two-step verification to help prevent unauthorised login attempts. Until Snapchat implements this feature, users can change their Snapchat passwords to something stronger and, most importantly, something unique.

To access this blog post, please follow this link: http://www.symantec.com/connect/blogs/hacked-snapchat-accounts-use-native-chat-feature-spread-diet-pill-spam
