Jeremy Kyle is forced to step back after man starts headbutting Facebook scam


Another scam is hitting Facebook this weekend pretending to be a video of British TV celebrity Jeremy Kyle being headbutted.

Like the Jerry Springer show in the United States, Kyle's show is notorious in the UK for showcasing controversial content. Like many of the fake Facebook applications we have seen in the past, the scam application requests permission to post to your wall and then propagates across the walls of curious Facebook friends who click the link.

Facebook wall message

In addition to spreading on Facebook, this scam is being sent out on Twitter using a combination of spam and compromised legitimate Twitter accounts. The Twitter links ultimately lead you to the Facebook application, rather than directly to the affiliate marketing scams it is designed to spread.

Facebook app permissions request

One twist which we have seen more frequently of late is the bogus application requesting permission to "Manage my pages". If the attacker can trick a Facebook page administrator into granting their application control to post on the page, it allows them to send their message to a much larger audience.

At the time of writing more than 11,500 people have clicked through to this scam, which plays out in an all too familiar way. You are led to a Facebook application which looks like a video player. When you click the video it asks for permission to "Like" it. Instead of seeing the promised video, you are then asked to fill out a survey, play a game or take an IQ test. Companies that offer money to individuals who can drive them referral traffic are ultimately to blame for these problems. Every person who takes the IQ test and subscribes to a premium rate SMS service earns the scammer an affiliate fee.

Affiliate marketing choice window

Similar survey scams in the past have posed as offers of free seats at a Justin Bieber concert or free airline tickets, amongst many other disguises.

Here's a quick YouTube video where I show you how to clean up your Facebook account after such an attack:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

Considering that we have seen large numbers of these attacks on Facebook for over a year now, it does raise a lot of questions about Facebook's new email service. If they are unable to properly filter applications for users who register for access to their developer API, will they be able to prevent scams from spreading through their enhanced messaging service? I suppose only time will tell.

Thank you to one of our Naked Security readers for sending us a tip on this one. Have a tip? Send us an email at tip@sophos.com.

If you're a member of Facebook and want to learn more about security threats you should join the thriving community on the Sophos Facebook page.


About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.