Another scam is hitting Facebook this weekend pretending to be a video of British TV celebrity Jeremy Kyle being headbutted.
Like the Jerry Springer show in the United States, Kyle's show is notorious in the UK for showcasing controversial content. As have many of the fake Facebook applications we have seen in the past, it requests permission to post to your wall and then propagates across the walls of curious Facebook friends who click the link.
In addition to spreading on Facebook, this scam is being sent out on Twitter using a combination of spam and compromised legitimate Twitter accounts. The Twitter links ultimately lead you to the Facebook application, rather than directly to the affiliate marketing scams it is designed to spread.
One twist which we have seen more frequently of late is the bogus application requesting permission to "Manage my pages". If the attacker can trick a Facebook page administrator into granting their application control to post on the page, it allows them to send their message to a much larger audience.
At the time of writing more than 11,500 people have clicked through to this scam, which plays out in an all too familiar way. You are led to a Facebook Application which looks like a video player. When you click the video it asks for permission to "Like" it. Instead of seeing the promised video, you are then asked to fill out a survey, play a game or take an IQ test. Companies that offer money to individuals who can drive them referral traffic are ultimately to blame for these problems. Every person who takes the IQ test and subscribes to a premium rate SMS service will result in the scammer being paid an affiliate fee.
Here's a quick YouTube video where I show you how to clean-up your Facebook account from such an attack:
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
Considering that we have seen large numbers of these attacks on Facebook for over a year now, it does raise a lot of questions about their new email service. If they are unable to properly filter applications for users who register for access to their developer API, will they be able to prevent scams from spreading through their enhanced messaging service? I suppose only time will tell.
Thank you to one of our Naked Security readers for sending us a tip on this one. Have a tip? Send us an email at firstname.lastname@example.org.
If you're a member of Facebook and want to learn more about security threats you should join the thriving community on the Sophos Facebook page.