OMG? Not txtin again? Beware Facebook rogue applications

OMG! Not txtin again? Facebook scam

Over the weekend I saw a large number of Facebook users were searching my blog for information about a Facebook scam that disguises itself as a status update saying the user will “never text again”. A couple of times in the last few months we’ve seen this is a successful method for encouraging hundreds of thousands of unsuspecting Facebook users to click on a link.

Well, from the scammers point of view, if it ain’t broke why fix it? Sure enough, they’re using the ploy again to dupe Facebook addicts.

Earlier Facebook messages about never going to send a text message again

OMG! Im never going to send another text message again after seeing this! <LINK>

At the time of writing, these messages appear to have slowed on Facebook. But that may be because they have been superceded by a yet another new incarnation of the campaign, which uses different wording and spelling:

OMG! Im not txtin again now that I have seen this! Facebook update

OMG! Im not txtin again now that I have seen this! <LINK>

However, the link that these latest messages point to, which takes the user via the tiny.cc short url redirection service, remains the same.

Clicking on the link takes you to a Facebook page, which encourages you to click onward, and permit a rogue application to have access to your profile.

Im not txtin again now landing page on Facebook

Do you really want to give the rogue application permission to peruse your Facebook profile and the ability to email you directly?

But do you really want to give the rogue application permission to peruse your Facebook profile and the ability to email you directly? Just imagine how cybercriminals could take advantage of you giving them free reign to email you their spam messages or malicious links directly..

But many Facebook users probably aren’t thinking about this, and after blindly handing control over to a third-party Facebook application, they will end up seeing a news story from the Sydney Morning Herald.

Ultimately, you are taken to a story in the Sydney Morning Herald

Of course, it’s perfectly possible to read this news story (first published in the Sydney Morning Herald in September 2008) without giving permission to a rogue Facebook application.

(As a side note, it would be fascinating to hear from the SMH what kind of spike in web traffic they have seen coming to this old news article in the last few days).

The scammers, meanwhile, are keen to steal access to even more Facebook profiles. And behind the scenes they have already updated your own Facebook status to advertise the same message to all of your Facebook friends.

Your own Facebook status has been updated with the 'Im not txtin again' message

OMG! Im not txtin again now that I have seen this! <LINK>

And so the message spreads virally across the network, fuelled by users who click without thinking, and give access to third party applications without reading the small print.

If you fell foul of this or similar attacks, make sure that you check your application settings on Facebook, and remove the offending application’s access to your profile.

Remove the rogue application from your Facebook settings

Here’s a quick YouTube video where I show you how to clean-up your Facebook account from such an attack:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

If you’re on Facebook, and want to learn more about security threats on the social network and elsewhere on the internet, join the Sophos Facebook page.