Have you seen a message like this on Facebook?
I just got the Dislike button, so now I can dislike all of your dumb posts lol!!
If so, don’t click on the link.
It’s the latest survey scam spreading virally across Facebook, using the tried-and-tested formula used in the past by other viral scams including “Justin Bieber trying to flirt”, “Student attacked his teacher and nearly killed him”, “the biggest and scariest snake” and the “world’s worst McDonald’s customer”.
We’ve also seen slightly different wording – but pointing to the same scam.
Falling for any of these scams (which promise some lurid or eye-popping or exclusive content) typically trick you into giving a rogue Facebook application permission to access your profile, posting spam messages from your account and asking you to complete an online survey.
And the same is true with this latest scam, which tempts you with the offer of a “dislike” button (as opposed to the normal “like” button) so you can express your opinions on other users’ posts, links and uploads.
If you do give the app permission to run, it silently updates your Facebook status to promote the link that tricked you in the first place, thus spreading the message virally to your Facebook friends and online contacts:
But you still haven’t at this point been given a “Dislike” Facebook button, and the rogue application requires you to complete an online survey (which makes money for the scammers) before ultimately pointing you to a Firefox browser add-on for a Facebook dislike button developed by FaceMod.
As far as we can tell, FaceMod aren’t connected with the scam – their browser add-on is simply being used as bait.
So, if you really want to try out FaceMod’s add-on (and note – we’re not endorsing it, and haven’t verified if it works or not), get it direct from the Firefox Add-ons webpage, not by giving a rogue application permission to access your Facebook profile.
Update: Thomas Moquet, whose picture appeared originally in one of the graphics above, has made the following statement about the incident:
"In an article dated August 16, 2010, Sophos announced the existence of a Facebook 'scam'. I have indeed developed the Facebook Dislike software allowing Facebook users to show the 'Dislike' option on the Facebook profile of another user. But I am not related, in any way, with the 'scam' denounced by Sophos. The person who created this 'scam' has diverted my software and my Facebook profile in order to collect fraudulently personal data."
If you’re on Facebook, and want to learn more about security threats on the social network and elsewhere on the internet, join the Sophos Facebook page.