Delta Air Lines free tickets scam spreads virally on Facebook

After seemingly successfully spreading a scam across Facebook disguised as free JetBlue Airways tickets yesterday, the bad guys have turned their attention to Delta Air Lines.

Messages seen spreading today on Facebook look like this:

Just Got 4 Delta Air Lines Tickets For Free
They are offering 4 tickets to use in the Holiday Season. Grab yours now

Maybe your security spider sense should already have made you suspicious about the seemingly oh-so-generous offer, but no doubt there are many people who would have felt tempted to click on the link. Especially when it appears on the wall of one of your Facebook friends.

If you do click on the link, you are taken to a page which tells you that you will need to "connect" if you want to receive your four free tickets.

Which, in turn, takes you to a standard permissions dialog asking you to grant access for the third-party application (called 4freedeltatickets) to peruse your profile, grab personal information from you, send you spam emails and even post to your wall.

Having done all this - will you actually receive four free Delta Air Lines tickets? I doubt it. In my case, I was taken to a webpage which asked me for my mobile phone number. In tiny print underneath it explained that by submitting my cellphone number I would be signing up for an expensive premium rate service - no thank you!

No doubt the scammers are earning commission by directing unsuspecting users in an underhand way to webpages like this.

And meanwhile, you'll find that the rogue application has taken advantage of its right to access your Facebook profile, by spreading the message virally via your own wall. It's even added you to an "event" in a future attempt to spread news of the bogus offer!

If you've found that you have fallen victim to a scam like this, remove references to the scam from your newsfeed, revoke the right of the rogue application to access your profile via Account / Privacy Settings / Applications and Websites, and delete any events that you aren't interested in.

Here's a quick YouTube video where I show you how to clean up your Facebook account from such an attack:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

If you're a keen user of Facebook, you should also join the thriving community (over 32,000 so far!) on the Sophos Facebook page.

Hat-tip: Thanks to faithful Naked Security reader Aniko for bringing this threat to my attention.

One Response to Delta Air Lines free tickets scam spreads virally on Facebook

  1. CarstenK says:

    The real mystery is why Facebook hasn't been able to stop these scams from repeatedly spreading like wildfire. They obviously have robots and algorithms that do all sorts of fancy stuff (like removing these apps after the fact) - how come the algorithms that approve apps and links before the fact are on stone age level?
    I have no idea, but something is fishy here, so allow me to speculate:
    1. A management decision has been made to allow these scams to spread because the majority shareholders get a percentage of the scam revenue.
    2. A management decision has been made to ease up on app and link approval because the site hasn't got the resources to invest in the required processing power.
    3. Someone high up in the hierarchy (Mark?) has actually written the code to stop scammy apps and links, and no one dares voice the opinion that something needs to be done.
    4. A management decision has been made to the effect that no hires are to be done to manually screen flagged apps and links that are in the grey zone.
    5. Management has lost touch with reality?

    With 1 billion users coming up, it's time Fb steps up and displays greater care for the security of its users than hitherto.

About the author

Graham Cluley is senior technology consultant at Sophos. The readers of Computer Weekly voted him security blogger of the year in 2009 and 2010, and he pipped Stephen Fry to the title of "Twitter user of the year" too. Which was nice. He was also named "Best Security Blogger" by the readers of SC Magazine in 2011. You can email Graham, subscribe to his updates on Facebook, follow him on Twitter and circle him on Google Plus for regular updates.