Thousands of Facebook users are spreading a message to their online friends, urging them to see a "shocking video" that claims to be of the world's worst McDonald's customer.
The messages read:
OMG the worlds worst mcdonalds customer (shocking video must see)
followed by a bit.ly link.
Clicking on the link takes you to a Facebook application called "Worst McD's Customer", which asks permission to post to your wall, access your data at any time, access your contact information and your list of friends, amongst other things.
If you're sensible you'll pull out at this point, and not grant the application permission to access your data. But sadly plenty of people are keen to see the "shocking video" and will hand over control to the rogue Facebook app - which promptly posts the link as a status update to your Facebook wall - thus perpetuating the cycle.
If you were foolhardy enough to fall for this trick, remove the references to the link from your newsfeed, clear your status message, and ensure that the application's right to access your account is revoked.
Just imagine what cybercriminals could do if they had access to your profile..
We've contacted Facebook and bit.ly asking them to shut down the application and the shortened link respectively - but it's almost certain that it will pop up again before too long with a slightly different name.
Here's a quick YouTube video where I show you how to clean-up your Facebook account from such an attack:
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
If you're on Facebook you should join the Sophos Facebook page to stay up-to-date with the latest security news.
