Earlier this year I blogged about how scammers were abusing Facebook users' curiosity about who might be viewing their profile. Surprise surprise, they're at it again.
Right now we're seeing messages spreading across Facebook claiming to have found a way to allow you to sneakily tell who has been looking at your profile. And it's no shock to see that many people are intrigued as to who might be checking them out online (maybe it's a secret admirer? or an ex-girlfriend or boyfriend? or a prospective employer?), and clicking on the link.
A typical message reads:
See who viewed your profilee original version 2.0:
now you can see who viewed your facebook profile
However, this is not new legitimate functionality that Facebook has built into its social network. Instead, if you click on the link you are taken to a third-party website which (to the untrained eye) may at first glance appear to still be on the real Facebook site, but is in fact designed to trick you into sharing their link further.
As we've seen in the past in connection with other scams, the page encourages you to "Like" it and "share" it numerous times before it will hand over the ability to see who has viewed your Facebook profile.
This should, frankly, be enough to trigger your suspicions and have you rapidly retreating. But, it appears, many Facebook users have fallen for the scam and have helped the unknown perpetrators spread their links far and wide.
Scams like this don't need to exploit security vulnerabilities in Facebook's code - all they need to do is socially engineer users into making poor decisions. In this case, the desire to see who might be investigating you on Facebook might be enough to convince you to share and endorse a link to your other online friends. And in this way you are spreading the link virally across the network.
Remember, functionality does not exist in Facebook to allow you to find out who has viewed your profile. So many people are being tricked into believing that it might be possible, that Facebook has had to include a firm denial in its FAQ.
Oh, and if you're still wondering, I never managed to find out who had been viewing my Facebook profile.
Ultimately you have to have your wits about you to avoid scams like this. If you or your friends keep falling for these sorts of confidence tricks, or want to learn more about security threats, don't forget you can join the Sophos page on Facebook.