18 months later, and Facebook Profile Viewer rogue apps still successfully tricking users

Back in January 2011, I wrote an article bemoaning the state of Facebook security, and specifically its apparent inability to stamp out fake messages which claim to let you find out who has viewed your Facebook profile.

18 months on, and has anything changed?

Seemingly not, judging by the messages many Facebook users are seeing in their newsfeed.

Profile viewer scam message

COOL!! i cant believe its real and official we can now see who's viewing our profile, Check Who's Viewing Your Profile here: [LINK]

Here are some other variations, where the messages are being spread via shared photos on the social network:

Profile viewer scam message

Profile viewer scam message

Typically such messages, shared with you by your already-duped Facebook friends, lead to a rogue application or money-making online survey.

Once you have handed access of your account over to a rogue app, the scammers behind it can post whatever they like to your profile - including spammy and malicious links.

Profile viewer scam message

And these scams aren't just a problem today - there has been a constant stream of them hitting the accounts of innocent Facebook users, day after day, week after week.

I'm sure Facebook's security team have the best intentions, but my guess is that they are putting less focus on rogue apps and survey scams than other attacks on the site's 900 million users. These scams may not be as important as Facebook-aware malware and site-wide vulnerabilities, but they still need to be dealt with.

Facebook isn't prepared to vet apps, leaving the door open for anyone to write a rogue application that can be used to hijack the accounts of the unwary.

Profile Viewer scam

Rogue applications can be used to scoop up personal information, or spread spam and scams rapidly across the social network. If you mistakenly installed a rogue app, remove the messages from your timeline, revoke the app's publishing rights and report it as spam to Facebook, and ensure that you have revoked its access to your account.

And don't forget - Facebook does not give you any way to find out who has been viewing your profile. Any application or link which claims it can reveal to you who has should be treated with great suspicion.

Make sure that you keep informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos page on Facebook, where over 180,000 people regularly share information on threats and discuss the latest security news.

15 Responses to 18 months later, and Facebook Profile Viewer rogue apps still successfully tricking users

  1. Dean · 736 days ago

    That's because people are bloody stupid .. no other way of putting it, do they even know what a school is ?!

  2. Muhammad Badi · 736 days ago

    Sometimes you can't blame Facebook when users are not using their common sense to figure out that this is a scam, not a real app. However, it's the Internet community's responsibility and Facebook-case responsibility to teach those who have no clue about scams.

    Awareness is needed and that is enough to stop those scammers from making apps that nobody will use.

  3. Stuart · 736 days ago

    Would it not be wise for some Facebook app creator to create an app which simply spams Facebook's scam team repeatedly telling them "there is an infection in the system! - COME FIND ME!!!" then have it send the message every 35 seconds and I bet they resolve the problems before the end of the week :-)

  4. Bobz · 736 days ago

    Facebook, along with Yahoo, Google, Microsoft, and even Apple have not treated this issue seriously enough. Simple reason is it takes away from their bottom line. Users have to scream bloody murder before technology companies will seriously address security issues. Facebook is particularly bad because of its arrogant persona, typical of companies that get rich too fast.

  5. Internaut · 736 days ago

    I see the users are to blame again, for being "bloody stupid" and for not using "common sense".

    Maybe I move in different circles, but some people were shown how to log in to Facebook, Like, Comment, and play games. Nothing more.

    I wonder if the commenters in all these Sophos Reply opportunities are "bloody stupid" or lack "common sense" if they go over the posted speed limit, can't play chess, can't program a new game, but only play it - etcetera.

    It is unfair, and IMHO, rude to belittle others simply because they don't have the same expertise as the authors that blame the users.

    So, I ask them, how does one educate the "bloody stupid", "idiots", and so on? Obviously, a lot of money is spent by people installing, or having it installed, security on their computers.

    A mechanic puts 4 new tires on a car. Is the owner stupid, or an idiot, or short of common sense if the next day they get a flat?

    Social media hangouts are ripe for the picking because of the nature of the beast. How many people reading their mail look to check the spelling (faceboook), or source to make certain the source is one of their 10 or 10,000 friends, and, that it is a safe email?

    Come on guys/gals - use some "common sense" and stop sounding as if you are "bloody idiots" by flaming and blaming the victim.

    • wakeywakey · 735 days ago

      Or perhaps people need to learn a few simple things to protect themselves? Because being online can be very harmful if you do not treat it with some respect. Therefore people just using websites without any regard for their protection or exposing their friends to problems are idiots, simple as that.

  6. Wunderlogik · 736 days ago

    FB is the new AOL

  7. Pete Miles · 735 days ago

    Perhaps not being a Facebook fan may help. But yes, users should be made more aware of the pitfalls of using social networking.

    We joined facebook about 20 months ago and immediately went through all the options as deep as possible and turned off as much as possible. Facebook didn't like that a bit, so they must have a way of seeing how users turn off the various bits and pieces.

    We deleted our account and took careful notice that the account would not be finally deleted for a year. So we never went back.

    Caveat Emptor.

  8. ATG · 731 days ago

    The Genius programmers, who aren't bloody stupid, can certainly design a security system that is in-your-face obvious, and simple as hell to set. There is no reason it has to be so tedious and hidden. We're not impressed by complicated things, that's your thrill. We are impressed with user-friendly apps made by bloody intelligent programmers. FB has the most ridiculous security procedure, AND every time they modify the interface, they set things to the default setting, which is invariably the most exposing setting. I've busted them doing that over and over again. They don't bother to pop a window up and say exactly what will happen depending on what you click. They don't say, "If you click on the <Allow> button, this app will send things to anyone in your friends list as if it were from you, and you will not be notified on your wall or anywhere else, like you are with all of your legitimate posts; so we will notify and pester and pollute the walls of anyone you know until they block all newsfeeds and updates and statuses from you altogether just to get your app posts off their wall. Also, they will be informed of how often you visit these sites, AND if you allow kids to use your apps, they will be able to easily screw your world without any alert sent to you." That would be a responsible thing to say. Victims are not to be put on trial. Those of you who love to say that victims should be judged should not speak. Your words are useless and meant to distract from the ones at fault. Facebook, Fix yourself. It's the very least you can do for the fortune you suck out. You have an obligation to each and every user that brings you these absurd sums of money. One more thing, PEOPLE SHOULD NOT BE PERMITTED TO TAG ANYONE BUT THEMSELVES. PERIOD. Now you're getting people to put their friends' identities into a permanent database by allowing anyone to identify faces in your invasive, sick face-recognition feature. That should be illegal and carry a life sentence for implementing such a dangerous thing.

  9. Robert Gracie · 702 days ago

    Simple question here.....

    Why hasn't Facebook gone after the people behind it yet?!

  10. Lisbeth B N Andersen · 695 days ago

    Damn damn damn I clicked on the bloody thing ....... and if I had been thinking security before "wow what the heck is this, let's have a look at why FB has created this and why does she use this app" in the middle of the night half sleeping, I would NOT sit here writing BUGGER ...

  11. RustyBarnacles · 617 days ago

    If any of you have been affected by the "shocking... at 17 she did this" like scam, the instructions below seem to work to remove it!

    1. Open your timeline / profile view (your name next to the small thumbnail profile pic)
    2. Scroll down until you reach your 'Likes'
    3. Click on 'See All' in the right hand corner of the likes box
    4. Then in your FAVOURITES not your likes, hover the mouse in the top right corner until you see 'edit'
    and left click it
    5. In the 'Favourites' box which opens, scroll down until you see 'Other Pages you like' which is right at the bottom
    of the box
    6. A box with 'other pages you like' should open
    7. unlike the scam like!

  12. All other websites, from social networking to dating sites, are so much better imo, whereas you are able to see who is stalking your page, and or just simply who's visiting your profile on the web. I think FB will lose more people from not yet implementing, and or engaging in, such a warranted feature. THINK OF SO MANY KIDS (who are on there), which I don't like, but think of how many, and or ex spouse etc., who are feasibly stalking one online! It happens, and at least the person shall KNOW ahead of time, and be able to prove if warranted to law enforcement, such and such person is on the page, and is not supposed to be, and or if a child goes missing (teen) on FB, and you're needing such a suspect, etc., there he is, or she is.

    I just feel it is warranted to have on Facebook a profile view, whereas the LAST PERSON is seen, pix, profile/name etc., with how the world is right now. And sadly FACEBOOK still has no page profile views, and I hope one day they get it, as so many other sites have it just about.

    adios

  13. Zeus · 520 days ago

    You open the door of your mind n soul to FBI and CIA. So, what do you want now? Playing the victims is not smart enough or touchy. Get out of this web prison and live your lives with your own bodies....

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.