Sophos Cloud Optix
Toni, one of the members of the Sophos Facebook page, just got in touch with me asking if I’d seen the latest scam spreading virally across the social network.
Users are seeing messages posted by their online friends about teen popstar Miley Cyrus. They look like the following:
SICK! I lost all respect for Miley Cyrus when I saw this photo
We have seen a number of different URLs being used in the messages, but they all redirect to a page which shows a traffic sign-like image of the word “respect” crossed out in red.
The page also says “SICK! I lost all respect for Miley Cyrus when I saw this photo” followed by a large flashing graphical button labelled “CLICK HERE” under the message “Please click here, then ALLOW to see the photo.”
Regular readers of Naked Security like Toni will already be smelling something fishy at this point, but there will inevitably be some Facebook users who will feel compelled to explore further.
I’ll save you the trouble of risking your Facebook account, by explaining what happens next.
If you do click on the “CLICK HERE” button you will be taken to a standard Facebook application permissions dialog, which asks for you to approve the third-party app to access your personal data, send you emails, post status messages and pictures to your wall.
It’s hard to believe that people would allow this to happen, but if you’re desperate to see a picture of Miley Cyrus which will make you lose all respect for her (the mind boggles..) then you may well click further on.
Unfortunately continuing is a mistake, as you will be lead directly to a CPALead survey, which earns the scammers money every time one of their dumb questionnaires is answered.
The scammers only need a few people to complete their survey to make it financially worthwhile to build rogue applications like this – that’s why there are so many of them. If only Facebook took a tougher line about the applications it allowed on its network.
If you’ve been hit by a scam like this, remove references to it from your newsfeed, and revoke the right of rogue applications to access your profile via Account/ Privacy Settings/ Applications and Websites.
Here’s a quick YouTube video where I show you how to clean-up your Facebook account from such an attack:
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
If you’re a member of Facebook and want to learn more about security threats you should join the thriving community on the Sophos Facebook page.
Do you think Facebook is doing enough to stamp out survey scams like this, or is it the fault of the Facebook users themselves? Let us know what you think by leaving a comment below.
Good article Graham, keep those blog posts coming. Herd the sheep towards priv & sec awareness !
Me neither. I would never allow any app to post on my page but now I have it in my "likes" and can't get rid of it because it says my connection failed for about a million times. Strangely I can remove every other item without a problem.
Use the X in the upper right corner when you mouse over, and mark it as SPAM. That will remove it. It does not show up in your apps.
There is a new variant of this scam. It 'likes' itself. Remove the notification from your wall, then remove the like itself at: http://www.facebook.com/editprofile.php?sk=activi…
(click 'Show Other Pages', find it and remove it).
I've got this now, but I can't remove it! It seems to be hidden when I go to edit profile, and if I try to delete it from my wall the delete button is disabled… This is a sneaky, sneaky facebook virus!
When you consider the events documented at http://www,facebookcensorship.org
it makes the Facebook despicable app security even more disgusting.
Bro. Winter
yeah I never click on those things and I did one last night by accident. figured out what it was after it posted on my wall w/out my permission. They are becoming less obvious and more invasive.
There’s a version of this that can post on your wall without showing the permission dialogue. It linked me to a fake Youtube page.
Yes, the variant you are talking about uses a "Clickjacking" attack.
That tactic seems to have risen in popularity again in the last few weeks. Some recent examples include the one which pretended to be a video of Hermione Granger actress Emma Watson: http://nakedsecurity.sophos.com/2011/03/01/lost-a…
Why would anyone ever hit the accept button to any app? It tells you that you are "giving them access to your information at any time, allowing them to email you, and post on your wall…" Wake up people! Why are you just giving this information to whatever company owns the app? The apps are useless anyways.
Have the same thing, without any apps allowed or anything liked in Facebook. Is there no way to stop this? I get a messy post on my profile once a day and it seriously annoys me.
Any hints?
I appreciate your help.
i want the unlike buttion
No site in internet is secure, 100 percent.
Even Facebook is weak, in my opinion, even this site itself.
That's why I always monitor what applications are accessing in my account.
And every time, malicious hackers and phishers
will never stop discovering security holes in such sites, even the most secure sites.
I have a video of Miley Cirus doing oral sex with someone. And it was sent to a lot of my friends. I didn't click on anything or even been on my account for a few days. How do I remove it from everyone's page?????
wow there's so many of these. i have never clicked on any (before today) but see them a lot.. i am getting tired of facebook's weaknesses.