Who's watching you really?


This morning while I was enjoying my coffee I received an event notification for my personal Facebook account. It was for a group called "See Who's Spying On Your Profile - GET NOTIFIED -" and "See Everyone Who Views Your Profile". Immediately, my security hat went on and I started to investigate.

At first glance, they are both pyramid schemes. In both, you become a fan, then you have to suggest the page to 50 of your friends to move on to the next stage. From there the tactics diverge slightly. In the first one, you need to take a marketing quiz that asks for all sorts of personal info, and you need to put in your Facebook username and password, so they can "monitor" your profile. AND you have to provide them with your mobile number. Now wait a minute... why would they need my mobile number?

Hang on. That seems a bit "phishy" to me. Let's check what they have to say on their wall.

Sure enough, based on the comments left on the page, this "notify" feature doesn't work. This group had over 58,000 fans.

In the second one, it was not so much a phish as a way to get you to download a toolbar. In the invite is a shortened URL that leads to a download site. It's a "social network" toolbar that has various "widgets" for social sites such as Facebook, Twitter, Flickr, etc. This group had over 300,000 members.

So wait a minute, more than 358,000 people have willingly given their login details with little thought. They were so concerned with who was "spying" on their profile (there's been a lot of media about insurance companies accessing social media sites as a way to deny claims), that they fell for the bait - hook, line and sinker. If you are concerned about who is viewing your Facebook profile, please check out these links to lock down your privacy settings.

http://www.sophos.com/security/topic/facebook.html
http://www.sophos.com/security/best-practice/facebook/

About the author

Beth Jones, Senior Threat Researcher, SophosLabs US

Beth manages the day-to-day research and analysis activities of incoming suspicious malware threats that arrive in SophosLabs via customers, partners and prospects. Beth has worked in Sophos's Boston lab for more than five years and brings nearly a decade of network security experience to Sophos.