With the help of my trusty pink crayon, I’m going to explain how the “OMG! Looks What Happens When DAUGHTER and FATHER Meet on CHAT ROULETTE!!” scam works.
First, you see a message looking something like the following on Facebook, posted by one of your friends:
OMG! Looks What Happens When DAUGHTER and FATHER Meet on CHAT ROULETTE!!
OMG How Embarrassing For Father And Daughter
This Is Disgusting i Bet you Did Not Expect This!
You will not believe this! This Is Just Sick
Tempted to click? Well, if you are a regular reader of the Naked Security blog you should know the score by now. But just in case you don’t, here it is illustrated with handy arrows.
You are tricked into giving permission for a rogue third party application to access your profile. That means they can post messages to your wall, peruse your personal information and so forth.
They might show you an image of an alleged father and daughter meeting on Chat Roulette, but chances are they’ll also try to make you complete a revenue-generating survey via CPALead too. Oh, and in the meantime, your Facebook profile has now blasted out the spam message to all of your online friends as well – thus spreading the scam virally.
And so the scam has gone full circle.
If only you hadn’t clicked on the link, eh?
If you’ve been hit by a scam like this, remove references to it from your newsfeed, and revoke the right of rogue applications to access your profile via Account / Privacy Settings / Applications and Websites.
Here’s a YouTube video where I show you how to clean up your Facebook account:
Do you think Facebook is doing enough to stamp out survey scams like this, or is it the fault of the Facebook users themselves? Let us know what you think by leaving a comment below.
Let the "clicker" beware.
Thank You SO much for reporting these things, I always share your posts, as I see friends clicking on these things ALL the time! I'm almost at the point of doing away with Facebook due to these things. Thank you Graham!
Due to the vast majority of users on Facebook being of the very novice group, I think Facebook should start taking more proactive measures to prevent scams from being so easy to create, replicate and be published on the site such as those taken by Apple that you described in an earlier blog.
It's totally ridiculous that Facebook "apps" get unlimited access to your profile. When I add a new app to my mobile phone, I get to see exactly what privileges it requires – Facebook should implement something similar.
Facebook did that recently.
I wish all Facebook users would take note, but sadly most won't.
Well, at least you present this stuff professionally, unlike some of the amateurs on here.
Thanks for all these explanations! I think Facebook needs to do more. The average Facebook user is pretty non-tech-savvy. I have friends who need help understanding the difference between Facebook messages and wall postings and have no idea how to tell who can see their info, photos, etc.
I linked one of your earlier warnings on my wall. A few people said they'd clicked these things, but "nothing bad seemed to happen." I don't think they get that the apps are still there, poking around in their stuff. I'm visiting my in-laws on Thanksgiving and am going to help father-in-law get rid of all the bogus apps I know he's acquired!
Facebook should approve apps, like iTunes. If not, they should have two levels of apps (approved and non-approved) and have a big easy-to-understand DANGER warning if people choose to install unapproved apps.
My two cents!
Can I just ask, how is it a “scam”? User does a survey, we get paid, they unlock content. Who’s being scammed? O_o
Innocent people are being tricked into helping the perpetrators spam out a message via their friends to their online friends and contacts.
The users don't realise this is going to happen, and the scammers benefit financially.
That's a scam.
That's not really the worst scam you can see. But it's true we see more and more of those on Facebook.
I think using chatroulette for a scam is a good idea, since it tickles everyone’s curiosity 🙂
I think Facebook could try a little harder, and it is also the fault of the Facebook users themselves. Honestly, I think people really need to stop being so f-ing stupid and actually read what the app wants to do. I will click on an app that looks legit, but then I see that it wants to access my information even when I'm not using the application. I saw another application that said something about my phonebook! (Yes, Facebook has a phonebook of friends' numbers; just go to account, edit friends, phonebook.) I think Facebook should screen the apps that people are creating before they go "public", for lack of a better word, and have another team checking out all of the other apps that are already out there. It will take some time, but it will help the problem, and I also think people should educate themselves to save their personal information and their friends' information.