Who’s watching you really?

This morning, while I was enjoying my coffee, I received an event notification for my personal Facebook account. It was for groups called “See Who’s Spying On Your Profile – GET NOTIFIED -” and “See Everyone Who Views Your Profile”. Immediately, my security hat went on and I started to investigate.

At first glance, they are both pyramid schemes. In both, you become a fan, then you have to suggest the page to 50 of your friends to move on to the next stage. From there the tactics diverge slightly. In the first one, you need to take a marketing quiz that asks for all sorts of personal info, and you need to put in your Facebook username and password, so they can “monitor” your profile. AND you have to provide them with your mobile number. Now wait a minute… why would they need my mobile number?

Hang on. That seems a bit “phishy” to me. Let’s check what they have to say on their wall.

Sure enough, based on the comments left on the page, this “notify” feature doesn’t work. This group had over 58,000 fans.

In the second one, it was not so much a phish as a way to get you to download a toolbar. In the invite is a shortened URL that leads to a download site. It’s a “social network” toolbar that has various “widgets” for social sites such as Facebook, Twitter, Flickr, etc. This group had over 300,000 members.

So wait a minute, more than 358,000 people have willingly given their login details with little thought. They were so concerned with who was “spying” on their profile (there’s been a lot of media about insurance companies accessing social media sites as a way to deny claims), that they fell for the bait – hook, line and sinker. If you are concerned about who is viewing your Facebook profile, please check out these links to lock down your privacy settings.

http://www.sophos.com/security/topic/facebook.html
http://www.sophos.com/security/best-practice/facebook/