OMG? Not txtin again? Beware Facebook rogue applications

Filed Under: Facebook, Rogue applications, Social networks, Spam

Over the weekend I saw a large number of Facebook users were searching my blog for information about a Facebook scam that disguises itself as a status update saying the user will "never text again". A couple of times in the last few months we've seen this is a successful method for encouraging hundreds of thousands of unsuspecting Facebook users to click on a link.

Well, from the scammers point of view, if it ain't broke why fix it? Sure enough, they're using the ploy again to dupe Facebook addicts.

Earlier Facebook messages about never going to send a text message again

OMG! Im never going to send another text message again after seeing this! <LINK>

At the time of writing, these messages appear to have slowed on Facebook. But that may be because they have been superceded by a yet another new incarnation of the campaign, which uses different wording and spelling:

OMG! Im not txtin again now that I have seen this! Facebook update

OMG! Im not txtin again now that I have seen this! <LINK>

However, the link that these latest messages point to, which takes the user via the short url redirection service, remains the same.

Clicking on the link takes you to a Facebook page, which encourages you to click onward, and permit a rogue application to have access to your profile.

Im not txtin again now landing page on Facebook

Do you really want to give the rogue application permission to peruse your Facebook profile and the ability to email you directly?

But do you really want to give the rogue application permission to peruse your Facebook profile and the ability to email you directly? Just imagine how cybercriminals could take advantage of you giving them free reign to email you their spam messages or malicious links directly..

But many Facebook users probably aren't thinking about this, and after blindly handing control over to a third-party Facebook application, they will end up seeing a news story from the Sydney Morning Herald.

Ultimately, you are taken to a story in the Sydney Morning Herald

Of course, it's perfectly possible to read this news story (first published in the Sydney Morning Herald in September 2008) without giving permission to a rogue Facebook application.

(As a side note, it would be fascinating to hear from the SMH what kind of spike in web traffic they have seen coming to this old news article in the last few days).

The scammers, meanwhile, are keen to steal access to even more Facebook profiles. And behind the scenes they have already updated your own Facebook status to advertise the same message to all of your Facebook friends.

Your own Facebook status has been updated with the 'Im not txtin again' message

OMG! Im not txtin again now that I have seen this! <LINK>

And so the message spreads virally across the network, fuelled by users who click without thinking, and give access to third party applications without reading the small print.

If you fell foul of this or similar attacks, make sure that you check your application settings on Facebook, and remove the offending application's access to your profile.

Remove the rogue application from your Facebook settings

Here's a quick YouTube video where I show you how to clean-up your Facebook account from such an attack:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

If you're on Facebook, and want to learn more about security threats on the social network and elsewhere on the internet, join the Sophos Facebook page.

, ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley