Reported to Facebook for violating their terms of service?

Filed Under: Data loss, Facebook, Social networks, Spam

Facebook
It's less than a week since a rogue third-party application called "Error Check System" blitzed Facebook users claiming that there was a problem with their profiles, sending concerned users to malicious websites as they searched for information.

Now, another Facebook application is using underhand methods to collect the details of users, by sending them bogus notification messages that a friend has reported them for violating Facebook's terms of service.

A typical message sent by the "F a c e b o o k -- closing down!!!" application reads as follows:

"[Friend's name] has just reported you to Facebook for violating our Terms of Service. - This is your official warning! - Click here to find out why you were reported! - Request Facebook look at what has happened and rule immediatley."

Hopefully the sloppy spelling prevented some people from clicking on the link and adding the application, but if you didn't spot that schoolboy error then you might have given some ne'er-do-wells permission to access your profile and personal information, and also unwittingly forwarded the bogus message to all of your Facebook friends.

Yes, this application rifles through your contacts list sending itself to your Facebook friends, thus worming its way around the social network in a "viral" way.

Facebook appears to have now removed the application, although there are reports that similar rogue applications with names such as "My account" and "Reported For Rule Breaking" have also been seen.

One of the problems is that Facebook allows anybody to write an application, and third-party applications are not vetted before they are made available to the public. So, even as Facebook stamps out one malignant application, it can pop up in another place like a poisoned mushroom with a different name.

It sounds like this could be a new favoured trick being used by spammers and identity thieves to build up their databases of intended targets. My advice to Facebook users is to think very carefully before adding any new applications.

,

You might like

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.