Student attacked his teacher and nearly killed him? OMG! It's another Facebook scam

by Graham Cluley on August 11, 2010 | Leave a comment

Filed Under: Data loss, Malware, Social networks, Spam

Over the last few weeks we've seen more and more scams spreading virally across Facebook, tricking users into clicking on links and approving rogue applications. We've seen anacondas coughing up hippos, the world's worst McDonald's customer, and even the lure of hidden messages in Toy Story 3 being used as clickbait by recent outbreaks.

Here's one of the latest examples, where Facebook users are unknowingly spreading messages that say:

This student attacked his teacher and nearly killed him. OMG You all have to see this!

Student vs teacher

Clicking on the link takes you to a rogue application, designed to post the link again onto your Facebook page.

Of course, the applications wouldn't be able to send messages from the accounts unless the Facebook users had granted the rogue application permission to access their profile.

Sadly many people will grant the permission without thinking, as they keen to see the video that their Facebook friends appear to be recommending.

Note that in the above example, the application even asks for permission to email you directly at your non-Facebook address. One can only assume that this will be for the purposes of sending spam or spreading more mischievous links.

Even after granting permission, the shady people behind the rogue application want you to jump through some additional hoops - asking you to specifically invite five of your Facebook friends to join the application as well.

Student vs teacher app

As I said, we are encountering more and more of these scams every day spreading using this sort of mechanism on Facebook. Some of them additionally attempt to skim affiliate money by requiring users to complete online surveys.

Here's another one.

OMG! TEACHER BEATS UP A STUDENT. SHOCKING VIDEO!
Teacher beats up a female student. Awful.
Have you seen this? What would you do if this was you or your child?

In this case, you do actually get to see a YouTube video - although only after you've granted permission for the application to access your profile, and after it has updated your profile to advertise the link to even more people on Facebook.

Shocking Video rogue Facebook application

As this problem continues to get worse, one has to wonder how Facebook plans to stamp it out. At the moment it looks like the bad guys are winning, and are making the social network a less fun place to be.

Remember if you've been hit by any attacks like this to remove all references to it from your profile (so it can't be shared further with your online friends), and check your Facebook applications settings to ensure any rogue applications have been removed.

Here's a YouTube video where I show you how to clean-up your Facebook account:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

If you have Facebook friends who you believe are acting unsafely online invite them to join the Sophos page on Facebook.

Tags: , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <pre> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

About the author

Graham Cluley is senior technology consultant at Sophos. The readers of Computer Weekly voted him security blogger of the year in 2009 and 2010, and he pipped Stephen Fry to the title of "Twitter user of the year" too. Which was nice. He was also named "Best Security Blogger" by the readers of SC Magazine in 2011. You can email Graham, subscribe to his updates on Facebook, follow him on Twitter and circle him on Google Plus for regular updates.