Did Michael Jackson fake his death? Rogue Facebook app uses ghoulish lure

Michael Jackson may have died on June 25, 2009, but conspiracy theories about his death continue to thrive.

Perhaps one of the craziest theories is that the so-called Prince of Pop didn’t die at all, but instead faked his own death. It’s hard to imagine that anyone seriously believes this, but this is precisely the kind of thing that makes the internet go around – and so it’s not surprising that some ghoulish hackers might try and take advantage.

Here’s a message I found on Facebook:

Did Michael Jackson fake his death? Look at this video!

Clicking on the link takes you to an image of Michael Jackson wearing his trademark costume and bejewelled glove.

The page asks you to click on his image, which takes you to a third-party Facebook application.

At this point alarm bells should always be ringing. Why would you need to install an application to view the video? Why doesn’t the link point directly to a video hosted on Facebook or to a popular video website such as YouTube?

The application asks for permission to scour through the personal information on your Facebook profile, access data about your friends, post to your wall, and even send you personal emails.

Would you be prepared to give all this away to view a video? I’d hope not. But sadly many people on the internet might be intrigued enough to hand over permission with the promise of seeing a video.

Ultimately, you will see a video player – but it’s too late for your Facebook account which can now be accessed by parties unknown using their rogue application. You have effectively given them the keys to your house – so don’t be surprised if they rifle through your personal information, or use your Facebook account to spread more spam messages.

Scam video player

One thing I’m certain isn’t a hoax, however. And that’s that many Facebook users will fall for a scam like this.

If you’re one of them, make sure you revoke the application’s permission to access your Facebook account. You can do this via Account/ Privacy Settings/ Applications and Websites.

Revoke application's permission on Facebook

Don’t forget to also edit your profile to remove any unauthorised pages from your “Likes and interests”.

Here’s a quick YouTube video where I show you how to clean-up your Facebook account from such an attack:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

If you’re on Facebook and want to learn more about security threats on the social network and elsewhere on the internet, I’d recommend you join the Sophos Facebook page.