A new scam is spreading rapidly across Facebook, using rogue applications to post spam messages onto users' profiles claiming to be a way of discovering the total number of times your Facebook profile has been viewed.
The following YouTube video explains more:
Tens of thousands of users have been tricked into clicking on the messages.
My total facebook views are: XXXX
Find out your total profile views [LINK]
The number of "views" shown each time changes, and there are a number of different links being used, but all of them point to rogue applications which trick you into allowing them to access your Facebook page and profile:
And as soon as you click on "allow", the scammers have you by the short-and-curlies. Behind the scenes, they are already posting messages which can be seen by your Facebook friends.
Plenty of people may want to know how many times their Facebook profile has been viewed (some may regard it as a badge of honour, rather like collecting followers on Twitter, or connections on LinkedIn) but this application is making the number up.
How do I know? Well, the test account I used to research this particular rogue application is friends with no-one, and isn't found in a Facebook search. I hardly think that it's true that it's been viewed over 3645 times..
But, of course, if your friends see "you" posting a message like that on Facebook they may well be tempted to find out their score for veiwers themselves, and click on the link and approve the application. And thus the rogue application spreads virally across Facebook.
So, what's the intention of all this? Well, if you do allow the rogue app to access your profile and post to your Facebook page then you'll next be taken to the webpage which claims it will calculate the number of people who have viewed your profile.
But first, they want you to complete a survey.
The scammers make money every time one of these surveys is completed. They're simply using the draw of a mythical Facebook view count to lure in the unwary and get as many people as possible to click on their links and take their surveys.
If you've been affected by this scam, you should clean up your account before any further damage is done.
I've made a YouTube video where I show you how to clean-up your Facebook account if you were hit by this, or similar scams on Facebook:
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
Make sure that you stay informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos Facebook page, where more than 50,000 people regularly share information on threats and discuss the latest security news.
You could also do a lot worse than check out our best practices for better privacy and security on Facebook guide.
![Password security infomerical leaves Ellen DeGeneres in disbelief.. and it will you too [VIDEO]](http://sophosnews.files.wordpress.com/2013/04/ellen-thumb.jpg?w=75&h=75&crop=1)
![Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]](http://sophosnews.files.wordpress.com/2013/03/cursors-thumb.jpg?w=75&h=75&crop=1)
actually I never even finsihed the survey and it still yold me my views hmmm does sound like a scam- if you don't want it then don't even click on it at all. whether u finish the survey or not the still let u through.
Yes, you don't need to complete the survey to have the irritating message about your number of views spammed to your Facebook page.
As soon as you authorise the rogue app it will post a message on your page, and will attempt to find friends of yours to trick too.
that survey is so fake looking, how could anyone fall for it?
A few years ago streaming sites were amongst the first to use the survey scam, back then it didn't seem like anything out of the ordinary, if a little annoying. Also, remember, very intelligent people can fall for scams like these, which is why the scammers keep them up.
Think of the email phishing scams, most of us probably instantly resign the email from an African banker to our junk, but all it needs is one eprson to follow through with it and the scammers can make thousands. Really, it's quite an easy way of making money.
I saw a few of my friends with this, but given that I'm slightly more clued up and read your blog, I figured it was likely to be a scam so didn't even get tempted. I'll post your blog to my profile anyway to try to warn others, but you know what some are like. Anything glittering and shiny must be clicked.
I've refused to sign some heart-warming and legitimate surveys and petitions online with my facebook account, as to sign it the website needs far more information about me than I deem acceptable. They are other things to watch out for!
Wow. I've never read this blog before. I'm outside of security discussions and so might be more of a "normal" user. However, there seems to be a certain segment of the population that is susceptible. I'm not sure how well it correlates with intelligence but whatever it is that causes this certain group of people to fall for stuff like this deserves to be investigated. It could be a clue to a failure within the larger society.
http://www.facebook.com/help/?faq=12903
Can I know who’s viewing my profile or how often it’s being viewed?
No, Facebook does not provide the ability to track who is viewing your profile, or parts of your profile, such as your photos. Applications by outside developers cannot provide this functionality, either. Applications that claim to give you this ability will be removed from Facebook for violating policy. You can report applications that provide untrustworthy experiences by clicking the "Report Application" at the bottom of the application’s About page, or by clicking "Report" at the bottom of any canvas page within the application.
I knew for certain it was a fake when one of my friends has over 2000 views in less than 20 minutes. When I told her that, she said she got a blank page when she clicked on it. Maybe I'm way too paranoid, but I stopped clicking on those types of apps a long time ago. Also, If the apps I do on wants me to sell my soul to Satan I exit immediately.
Your clean up video on youtube has been great. I've posted it for a few friends on their facebook pages after they had fallen for these scams, to help them clean it up. But for your blog here (which I do enjoy reading), there's so many of these reported each week, you should just make the 'facebook scams' post a weekly update of the new 'themes' and a reminder of how to clean it up. No need to have this be 1/5th of your posts, there's gotta be more security news to report than this.
Hi DjFIL. Thanks for the feedback. The problem with only posting about Facebook scams on a weekly basis is that that gives them a longer window to spread. Many of these attacks spread *incredibly* quickly, and so a quick response is important - otherwise, many more people would be hit.
I realise it's a bit tedious for those Naked Security readers who are wise to the scams, or who don't use Facebook, but hopefully you can quickly scan the main page and realise which stories you'll be genuinely interested in reading, and which you're not.
You should also inform the readers about the new ones that claim they can tell you the top 10 friends that viewed your profile and the apps that say they can tell you how many guys and girls viewed your profile. I have personally seen a huge increase of these fake app over the past few weeks.
I've lost track of how many of my Facebook friends have installed these scam applications. It's like they're click happy and will blindly click on anything.
I wouldn't be surprised if they are the same when it comes to apps on their computers and phones which is really quite worrying.
As always I try and point them in the direction of the Sophos Facebook Page, this blog or the Facecrooks page which seems to have reasonably up to date information.
I really do think though that Facebook should make more of a effort to do something about it. Sure I'm not a big fan of Apple but I do think that their screening of apps is probably a good thing, and an idea that Facebook should implement.
Rob
Cheers Graham came across this the other day! ant the video was a great help! im actually learning how to make Facebook aps as well speak .net magazine has a feature on it so thought it might be a nother good string to my bow as a webdesigner!
But rest assures I will naot be making rogue ones!
great article buddy and all the best
-P
How do I kill this scam?
Hey guys. So there is no way a person can see wether I saw their facebook profile isn't??....These applications are killing me..they keep coming...I'd wish that facebook stopped all these...if it was real..I'd be in a huge problem..bcz there is one person I saw his profile like 1 mil times . :| I'd be dead...but so that stupid application!
don't do the fbpeeks either.... after the survey i clicked on a person who it showed they veiwed me 87 times in the last week.... and after the survey it said that "you are viewed your facebook the most, quit being so vain"... then it sends it to all of your friends
Im pretty sure Facebook already removed this app, since I clicked on it and it didnt show any app, it send me directly to my own profile news.
It's not possible.
im not surprised...