Once again a viral scam is spreading rapidly across Facebook, posting messages on users' profiles in an attempt to trick the unwary into installing a rogue application.
Here's a video where I demonstrate the attack:
Many Facebook accounts are currently posting messages saying:
OMG! Shocking Real Crimes caught live on Google Streets. This is SO Unbelievable and you have got to see it! hxxp://tiny.cc/urztb
At first glance you may believe that your friend genuinely thinks that you will be interested in viewing what's at the end of that link, but the fact of the matter is that it wasn't your Facebook friend who posted that message. It was a rogue Facebook application called Earth Finder.
If you do fall for the social engineering trick and click on the link, you are taken to a Facebook page which says:
Google Street View
Big Brother is constantly watching us and does so all the time. These Crooks thought that they were above the LAW and could get away with anything. Unfortunately for them, Google Streets caught them red handed and on FILM!
See the world's most EMBARRASSING and SHOCKING CRIME photos that were caught live on Google Streets.
[Click Here to See The CRIMES]
By now you're hooked, and quite possibly desperate to find out what embarrassing and shocking photographs of criminals you might be about to be shown (remember, it was your friend's Facebook account which has recommended this content after all).
But going any further takes you to a page which tells you that you need to give permission to a Facebook application called "Earth Finder" first.
And that's where things really begin to go wrong, because now you've given the green light for "Earth Finder" to post messages from your Facebook profile, advertising it to all of your friends.
And once again (like the recent "Teacher Nearly Killed This Boy" application which I caught on video) you will be making money for the scammers by being redirected to a series of surveys and online questionnaires.
If you've fallen for a scam like this, spreading virally across Facebook, make sure you clean up your Facebook account - remove the references to it from your status updates and news feeds, and ensure that you have zapped it from your list of applications.
Please take care when you're online, and consider joining the Sophos page on Facebook to be kept informed of the latest security threats.
And be sure to warn your friends who passed the link on to you as well - clearly they're not taking enough care about their computer security if they're granting permission for apps like this to have access to their Facebook profile.