Over the last few weeks we've seen more and more scams spreading virally across Facebook, tricking users into clicking on links and approving rogue applications. We've seen anacondas coughing up hippos, the world's worst McDonald's customer, and even the lure of hidden messages in Toy Story 3 being used as clickbait by recent outbreaks.
Here's one of the latest examples, where Facebook users are unknowingly spreading messages that say:
This student attacked his teacher and nearly killed him. OMG You all have to see this!
Clicking on the link takes you to a rogue application, designed to post the link again onto your Facebook page.
Of course, the applications wouldn't be able to send messages from the accounts unless the Facebook users had granted the rogue application permission to access their profile.
Sadly, many people will grant the permission without thinking, as they are keen to see the video that their Facebook friends appear to be recommending.
Note that in the above example, the application even asks for permission to email you directly at your non-Facebook address. One can only assume that this will be for the purposes of sending spam or spreading more mischievous links.
Even after granting permission, the shady people behind the rogue application want you to jump through some additional hoops - asking you to specifically invite five of your Facebook friends to join the application as well.
As I said, we are encountering more and more of these scams every day, spreading on Facebook using this sort of mechanism. Some of them additionally attempt to skim affiliate money by requiring users to complete online surveys.
Here's another one.
OMG! TEACHER BEATS UP A STUDENT. SHOCKING VIDEO!
Teacher beats up a female student. Awful.
Have you seen this? What would you do if this was you or your child?
In this case, you do actually get to see a YouTube video - although only after you've granted permission for the application to access your profile, and after it has updated your profile to advertise the link to even more people on Facebook.
As this problem continues to get worse, one has to wonder how Facebook plans to stamp it out. At the moment it looks like the bad guys are winning, and are making the social network a less fun place to be.
If you've been hit by any attacks like this, remember to remove all references to it from your profile (so it can't be shared further with your online friends), and check your Facebook applications settings to ensure any rogue applications have been removed.
Here's a YouTube video where I show you how to clean up your Facebook account:
If you have Facebook friends who you believe are acting unsafely online, invite them to join the Sophos page on Facebook.