A new scam has spread quickly across Facebook this weekend, pretending to be a link to a TV news report about an alleged Facebook killer.
Here's a typical message that has been seen spreading between social networking users:
(BREAKING NEWS) Facebook-Killer
07-29-2011 - News гepoгts of a maп they are calling the 'Facebook Killer' have ƍone ramрant, he has claimed 9 lives in the United States so far that we ᴋnow
Other variants of the scam read:
(CNN) The Facebook-Killer
07-29-2011 - News reporтs of a man tһey are calling tһe 'Facebook Killer' have ɡone rampant, he hаs claimed 9 lives in tһe Uniтed Sтaтes so far thαt we know ..
Clicking on one of the links will take you, not to a genuine TV news report from the likes of CNN, but to a fake YouTube webpage instead, where you are tricked into sharing the link further with your online friends.
For those who haven't learned the scammers' trick yet, "Jaa" is Finnish for "Share". If you click the button, you're sharing the link with your friends *before* you have even seen the supposed video.
What's particularly interesting to me though is that the webpage appears to have attempted to work out where I am in the world, in an attempt to make the video more interesting to me. Through GEO-IP lookup techniques it has attempted to work out where in the world I am - and so is presenting (in my case) a video which claims the serial killer is in the British city of Salisbury.
Furthermore, if you look down the page you'll see supposed comments left by other viewers of the video including one which says:
This is UNREAL! I live in Salisbury
Again, however, this is a trick by the scammers. If you look at the webpage's code you will see that it substitutes the name of the city into the comments as well.
But imagine that you came to this page without your skeptical hat on. What would happen if you did click twice to "prove" that you were over 13 years old, and share the link with your friends?
Well, you would be taken to what is commonly termed as a survey scam. These are surveys, or competitions, which trick you into handing over your personal information and either earn the scammers commission or require you to sign-up for an expensive premium rate service.
Don't be tricked into clicking on such links and sharing them with your online friends - you're only making life more profitable for scammers who earn a crust from creating new spam campaigns on social networks.
If you got hit by this scam, make sure you have removed the entries from your news feed (to stop them being shared amongst your friends), marking them as spam if you like, and check your profile does not have any unwanted "Likes" under your "Likes and interests".
If you use Facebook and want to get an early warning about the latest attacks, I strongly recommend you join the Sophos Facebook page where we have a thriving community of over 100,000 people.Follow @NakedSecurity