Facebook will close all accounts today? Rogue app spreads virally

Filed Under: Facebook, Rogue applications, Social networks, Spam

Has Facebook CEO Mark Zuckerberg really announced that all accounts will be closed today unless users take action?

Of course not. But it's exactly the type of message that would get many users to click on a link without thinking of the possible consequences - especially if the message appears to have been shared with them by one of their Facebook friends.

Facebook verification message

Facebook will close down all accounts today. The official announcement was made by Mark Zuckerberg - Facebook Owner.
This is a simple step to keep your account working.
If you want to have you account from now, please verify your account. [LINK]

Clicking on the link isn't advisable. It takes you to a normal Facebook application permissions dialog, the kind you're probably all too familiar with if you spend much time on Facebook. However, this dialog box is requesting permissions for a rogue application - clicking "allow" will permit the app to post the message to your wall as well, spreading the link virally to your Facebook contacts.

Facebook verification rogue application

But if you are carefree enough about what gets posted to your Facebook page, and do decide to hand permission to the app to rummage through your profile, then you will be taken to what appears to be a (poorly punctuated) message from Mark Zuckerberg himself:

Facebook account verification and survey

Facebook active account verification process.

Facebook is recently becoming very overpopulated, There have been many members complaining that Facebook is becoming very slow.Record shows that the reason is that there are too many non active Facebook members And on the other site too many new Facebook members. We need each and every user to verify their account with our new verification process to see if Members are active or not, Once you have visited this verification. You have 15 minutes to verify your account.If you are active please verify to show that you are active .On failing to do so, The user will be deleted without hesitation to create more space. Sorry for the trouble!

Regards
CEO,Founder of Facebook
Mark Zuckerberg

Here's a larger version of the message if you want to see it.

But, as you can see, the message which claims to be from Facebook founder Mark Zuckerberg is overlaid with a pop-up which requests you take a quick survey to "verify your account".

This is where the scammers make their money. Every time you complete a survey you are helping the scammers earn commission. They abuse your Facebook account by posting messages from it, and earn some cash each time a survey is completed by an unsuspecting user.

The message which claims to come from Mark Zuckerberg is bogus, and there is no need to verify your Facebook account to prevent its deletion.

Here's an alternative version of the scam, which Naked Security reader Krista shared with us after she encountered it:

Alternative version of Facebook scam

Mark Zuckerberg - Official Announcement.
The owner of Facebook announced that all the accounts will SHUT DOWN. In order to keep your account, you MUST verify your account TODAY link - [LINK]

If you have been hit by scams like this on Facebook, and are struggling to clean-up your profile, here's a YouTube video I made which describes what steps you need to take:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

Make sure that you stay informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos Facebook page, where more than 90,000 people regularly share information on threats and discuss the latest security news.

, , , , ,

You might like

22 Responses to Facebook will close all accounts today? Rogue app spreads virally

  1. Asian Kid · 1298 days ago

    why didn't you censor the link?

    • We told Facebook Security about this particular rogue application, and they've since shut down the link.

      Unfortunately new versions using different links are already doing the rounds.

  2. Curious · 1298 days ago

    Just curious, but is it really necessary to post about every single Facebook scam you come across? After a while, it gets a bit stale. Not that they're not a risk, but a large share of this blog is devoted to Facebook scams.

    • Thanks for the feedback Curious.

      Actually, we probably only write about 1 in every 50 that we encounter. It's by far the single largest type of threat that users send us alerts about. FWIW, the last one we wrote about was back on January 23rd.

      So, we're pretty much reporting them every day to Facebook Security even though we don't post about most of them.

      The depressing thing is that these scams are spreading very fast, and affecting large numbers of people. :-( We'd be doing those innocent users a disservice if we didn't share information about them.

      We're aware that our regular readers are probably all too familiar with them, and hopefully they can tell what they're getting into by the headline and choose which stories they're interested in and which they're not.

      • Cat · 1293 days ago

        Somebody posted one today, and Snopes doesn't have it as specific as this one was. Google search got me to this page which was the only way I could convince someone who has been posting this warning repeatedly for the past 3 hours. So it may get repetitive to regular readers, but it was immensely valuable for me to be able to point and say "look - that's official too".

    • larry murphy · 1293 days ago

      so if i did open one of those apps what steps do i now need to take to secure my facebook account

    • Seeing the variant below in last 24 hrs. Does not have app attached but just asks that you pass to 5 friends.

      "Facebook is recently becoming very overpopulated, there have been many members complaining that Facebook is becoming very slow. Record shows that the reason this is that there are many -active Facebook members and on the other side many new Facebook members.

      We will be sending this message around to see if member are active or not. If you are active please send to least 15 others using copy+paste to show that you are active. *Those who do not send this message within 2 weeks will be delete without hesitation to create more space.* Send this message to all your friends and to show me that your still active and will not be deleted.

      Founder of Facebook,
      Mark Zuckerberg .
      sadly , this isn't a joke "

  3. Allan Wagner · 1298 days ago

    I think it is great that you are posting about them and warning the public. I am in the IT industry so I can recognise these scams, but unfortunately there are many people who don't realise the risks and the odd person who could easily get caught up in scams or spamming.

    It isn't their fault they get caught in these things because they are not aware of it, but if you was more aware of it (after reading this blog) it would definitely help reduce the amount of scams caused. I believe its good what you are doing, and I think some people could be thankful about the blog.

    • Thanks Allan. Appreciate the support!

      Would be great if Facebook themselves were a little bit more on the bandwagon when it came to raising awareness amongst their users about these rogue apps.

      Imagine the good they could do if the Facebook Security page was used to give folks an early warning on what threats were spreading - that would definitely help get the message to the masses!

      • adm · 805 days ago

        i agree. these rogue apps will contine sprouting like wild weeds if facebook themselves just simply the apps or the links to the apps. facebook should be proactive it informing their users about rogue apps or maybe they just can't directly tell their users that "our system can't identify yet which apps are legit so if you get an app request that (description of a rogue app), please report it."

  4. Ernie Smart · 1298 days ago

    Keep them coming. Even if you have posted lots of them, we keep learning.

    Thanks for doing a fine job!!!

  5. Thu Win · 1298 days ago

    The most obvious clue that an app is a rogue is the surveys. If the app ask you to fill a survey to continue further you can bet its a a rogue app!

    • The problem is that typically you only find out about the survey *after* you have given permission for the app to cause mischief on your Facebook profile.. :-(

  6. I'm not going to respond positively to every user or application warning me that my Facebook account is to be closed.
    They tell me Facebook is going to close its account? Well.... there will be an answer - Let it be!

  7. Pam · 1279 days ago

    I tried to share this article to my Facebook page and got a message that it has been reported as spammy and it won't let me post it. I couldn't even send it in a message to the friend who posted it. So, they may have found a way around your warnings.

    • Can you take a screen shot of the message you're seeing and send it to us at tips@sophos.com ?

      Sounds to me like perhaps Facebook's anti-spam feature might be a little too trigger-happy and is blocking the warnings by mistake!

      • I had the same problem when using the Facebook share link. But copying and pasting the link into my status worked fine.

  8. Kll · 1264 days ago

    I just saw a "warning" today. Posting this link onto my page...

  9. Deb-B · 1231 days ago

    Thank you for posting. I saw it today. I knew right away that it was more than likely a scam. It's amazing how naiive people are, falling for and believing everything they read but as long as they continue that way it's good that you clarify the information.

  10. Parvez ali · 571 days ago

    Closed my all accounts

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.