Coca-Cola Scam on Facebook: what the heck is a ‘Coca-Cola Scam’?

Here’s the latest scam to make its home on Facebook.

A link shows up in one of your friends’ status that says, “I am part of the 98.3% of people that are NEVER gonna drink Coca Cola again after this HORRIFIC video.”

When you click the link, you are given the runaround (the video doesn’t exist at all) until finally you are taken to a poll that asks you to reveal personal information.

It’s almost as if the crooks have figured out how to make money off Facebook before Facebook did (Facebook has attracted billions from venture capitalists, but from what I’ve heard, they’ve yet to actually stumble upon a working business model).

When you’re on Facebook, you simply cannot implicitly trust links, even when posted by a friend. That goes double for links to ‘scandalous’ videos or images, such as the example here. Your friend’s account may have been compromised, or they might be posting links in an attempt to receive some form of payout or reward.

If you’re looking at a shortened URL (such as bit.ly), use a site like LongURL to preview it before you go. However, the URL might not necessarily be shortened (as in this case), although you can still use LongURL to preview most sites.

Another way to check is to google a phrase from the link, to see if news of a scam or phishing attack pops up. Again, though, if it’s brand new, the word might not have gotten out yet (and it takes time for things to appear in a Google search anyway).

Whatever you do, exercise caution at all times, and never enter personal information or passwords on any site that you arrived at via Facebook or Twitter. Once you’re logged in, there is no reason to log in again, and there is exactly zero reason to reveal nonpublic personal information.

LongURL: How to see where a shortened URL takes you before you click.

Twitter (and to some extent, Facebook) have seen the rise of the URL Shortener.

When you want to share a link on Twitter, you run into a problem: the web address you need to paste takes up most or all of your allotted 140 characters, which leaves no room for your commentary, or extends beyond 140, which renders the link useless. However, sharing links is about half of what people use Twitter for (other than pointless babble and talking about what they just ate. Amiright?).

Along came the URL shorteners.

With a URL shortening website, you can enter a long web address, and the site will create a link that only uses up a few characters, which leaves room for you to tell people exactly what the link is.

For example, if you wanted to point to this article on Twitter, you could paste this link:

http://fraudpreventionunit.org/2010/01/12/longurl-how-to-see-where-a-shortened-url-takes-you-before-you-click

Or you could use this:

http://bit.ly/cMIkCZ

The first one uses up 109 characters, which only leaves you room to say “Cool!” or something, which makes the link look suspicious. The second link only uses 20, which leaves you 120 characters, more than enough for a short sentence or explanation.

Bit.ly is just one of the popular URL shorteners. Others that spring to mind offhand are Ow.ly, Tr.im, and Tinyurl.com. WordPress has its own service, too; Wp.me.

Now, here’s the problem. When you look at a shortened URL, there’s no way to tell where it takes you. Of course, you can look at the text it was pasted with, but there’s a problem there, too: several years ago, somebody discovered that it’s possible to lie on the Internet.

What this means is that a person with questionable intentions could post a shortened URL and tell you it’s a link to an interesting video or article, but have the link actually take you to a site that will install some form of virus or spyware (read: financial and identity theft risk) onto your computer.

Along comes LongURL, a shortened URL decoder.

LongURL is a site that allows you to paste a shortened URL and it will tell you the address of the site it points to. It’s sort of like a reverse phone lookup.

It’s not just a website, either. If you’re using Mozilla Firefox as your web browser (and, to be honest, you really should be), you can install LongURL as a plugin. This means you don’t have to visit the LongURL website every time you want to expand a URL.

“But,” I can hear some of you saying, “isn’t it awfully inconvenient to have to check out every shortened URL before I click it? I don’t want to slow down!”

Well, that’s one of the attitudes that keeps Internet crime so lucrative. It’s been a long time since malware was the exclusive domain of nerdy suburban kids and college students trying to cause disruptions or simply stroke their own egos by putting out a widespread and annoying (but relatively harmless) virus. These days, most of the people creating malware and using all these different tactics to distribute it are involved in organized crime and/or terrorism (or at best, extremely scummy marketing practices). It’s all about money now.

When you insist on unconsciously following any link you feel like following, without taking a moment to consider the possible consequences, all in the name of not wanting to slow down, you’re playing right into these criminals’ hands. It won’t be long before you fall for a shortened URL phishing attack and end up with a computer just brimming with bad juju.

I mean, it’s hard enough to keep your computer clean if you are paying attention, what with so much of the software industry’s insistence on rushing sub-par products to market that are vulnerable to things that, frankly, should have been eliminated 15 years ago (all in the name of speed, as usual). If you’re just blindly speeding along and not taking a couple seconds to look where you’re going, you’re going to run into something nasty before too long.

Ask yourself this: “Would I rather take an extra five seconds to check out what this URL is pointing to, or would I rather end up with a computer full of viruses (which could take hours or days to fix) or an identity theft situation (which could take months to fix)?”

Go to LongURL. Pay attention. Stay vigilant. Slow down.