Sophos’s page on Facebook has thousands of members – sharing information about the latest threats. Today I’m indebted to one member, Robert, who alerted me to a new scam spreading virally across the social network.
Users are seeing updates from their online Facebook friends saying things like:
Amazing how such a harmless prank could cause something so bad! [LINK]
where the link points to a page on Facebook.
If you are tempted into clicking on the link (as many people have been), you are taken to a page urging you to give permission for a third-party application to access your Facebook profile.
This is key for the scam to work. The application needs to be able to share its link virally with as many Facebook users as possible – that way, it can maximise revenue for the scammers.
You may not realise this of course. You may believe that you’re simply going to watch a video of a “harmless prank that ends in tragedy”.
If you do give permission to the rogue Facebook application, you’re presented with a page with an embedded YouTube video.
The video, which many may find disturbing even though it is clearly fake, shows a masked man waiting in a house for a returning woman. When the woman enters the house he jumps out on her and she runs out of the house and is hit by a passing car.
The video is available on YouTube, but is restricted to 18 year old users and older because of its disturbing content.
But the whole intention of the scam spreading on Facebook is to trick you into completing an online CPALead-affiliated survey which earns money for the scammers.
If you really want to watch videos like this (and I can’t imagine why you would), I’d urge you to dig them out on YouTube directly rather than helping to put money into the pockets of scammers who are making life online more and more of a drag each day. Because when you give a rogue application permission to access your Facebook profile, they’re going to use it to spread their spammy messages.
If you have been hit by a scam like this, delete the messages from your profile and remove the rogue applications that have access to your account.
Here’s a YouTube video where I show you how to clean up your Facebook account:
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
If you want to learn more about security threats on the social network and elsewhere on the internet, you could do a lot worse than join the Sophos Facebook page.
Robert is my cousin!
In which case please thank him on our behalf!
We always appreciate tips. We're not able to act on every one we receive, and can't promise to reply to all of them, but if anyone has something they'd like to give us a heads-up about, they can contact the Naked Security team at tip@sophos.com.
You know…I actually clicked on that graphic thinking that a video will play! ohahahah Thanks for FB scam warning though. Have tweeted it and FBed it! 🙂
It is only a scam if there is no content after the survey; if there is appropriate content then it is not a scam, and who in hell urges a person to click on these applications anyway? It's not like these apps force your hands to drag the mouse and click on them! It is a person’s curiosity that makes them click and allow the app, and if they don't like filling in surveys then just simply don't. No one is forcing you to do that either. Just delete the app and move on, and if something is misleading then report the app to FB. But if you really want to see something then just fill in the damn survey. Stop calling everything a scam!!
It's still a scam even if it does eventually lead you to a YouTube video.
It tricks you by sharing a link via your Facebook page, without your knowledge. It lies to you by saying you need to take a survey to prove that you're not a "bot", but in fact it's in order to make money. It fools victims into believing that their friends are sharing a link with them when they're not.
It's a scam.
It's funny how you write about each new application that pops up, telling people nonsense like calling them "worms", saying that they steal information, etc. I can't see anything harmful about them, apart from the fact that they post a message, while on the other hand a user gives permission to do so… I can imagine that your company had a good run providing misleading info about those apps and, in my opinion, this boosted the sales of your security software. It is good that you report something malicious going on on FB, but posting the same stuff numerous times is just silly.
Please, Graham, find something better to write about because this doesn't seem to be a crucial security risk or anything.
Thanks.
Sorry, you don't like the articles about rogue applications and survey scams on Facebook. If you don't like the articles – you don't have to read them!
Plenty of people do like to read them, however. As you can see in our "most popular posts" widget, our Facebook-related articles are amongst the most-read stories on Naked Security. I think that's because we've seen a *lot* of Facebook users hit by these things – it's certainly a growing problem.
Hundreds of thousands of users have found their Facebook profiles taken over by rogue applications since earlier this year, posting messages (which at the very least must be considered spam) without their permission to dupe their online friends and family… all to benefit the scammers who earn commission for each survey that is completed.
Rogue applications don't just have the ability to spread spammy links – they can also steal information, publish embarrassing messages to corporate pages, and potentially spread malicious links too. Users need to be warned about these threats and revoke the rights of rogue applications.
Facebook is taking legal action against some of the people it believes are behind scams like this (read http://nakedsecurity.sophos.com/2010/10/22/facebo…), so they clearly feel it's a serious problem too.
There are actually a *lot* more Facebook survey scams than the ones I write up about on Naked Security, but it would be a full-time job for several people to document all of them!
Do I believe it has boosted sales of our security software? I would doubt it. Sophos is focused on the business market, and enterprises are unlikely to make an impulse purchasing decision purely based upon some blog posts by me about Facebook rogue apps.
Anyway, if you don't like 'em – don't read 'em. Simple as that. 🙂 In the meantime, there are plenty of Facebook users who need to learn how to avoid them – and I think it would be good if more of us helped them do that.
Yes, I am aware of those lawsuits, but it seems that they used a whole lot more serious stuff than "See a shocking video" kind of thing. They promised unreal content like gold accounts and etc.
I am sure that such kinds of applications, like the one mentioned above, are not intended to steal information and take over your profile, because those are created by kiddies who probably buy the scripts. You mentioned that "rogue" applications take over your profile, but they do not have any malicious code, so Facebook itself allows them to post links and other stuff. There are lots of game apps which use the same method and post messages even when users don't want them to.
As far as I understand, those "video" applications are created by kids who simply don't understand that they are doing something wrong, and besides, networks pay commissions even though they know what kind of traffic is provided to them, so maybe they are to blame. Claiming that every person behind such kinds of applications is a scammer, cybercriminal etc. is not appropriate, because their intention is only to get a few bucks from those surveys, not to hack, steal or do something like that.
If it is such a big deal, then Facebook should review every single application before it is allowed to function.
1) Sorry but you are wrong with this statement…
" Hundreds of thousands of users have found their Facebook profiles taken over by rogue applications since earlier this year, posting messages (which at the very least must be considered spam) <without their permission>"
When they use the app they specifically give their permission for the apps to make posts on their wall… and the permission to make offline posts… How do you want them to approve these offline posts if they are offline, lol… and if it was not OK then why give permission… I see no scam in that…
2) And you say it's a scam because you have to complete a survey for security reasons… not all surveys ask that you complete them for security reasons… and maybe it's just a marketing strategy, that's all… pretty talking…
3) FB took action on that guy because he was promoting fake and misleading content.
P.S.: I agree that they have spammy behaviour, but I think it's only the users' fault because they allow these permissions… and don't remove them and let them "take over their account".
I have to disagree with you Lanny. My son was offline when I was on Facebook. I started seeing posts from him on my page. He was up in bed sleeping. And you can't say he was sneaking around in his room on the internet. We have two computers in the house. Both are in the same room. I'm the only one up. So how is it that there were posts being made while he was offline! All he did was click on a link saying to watch a video. Oh, and also his account was cancelled by Facebook. So it does happen. On a side note… there was nothing saying they would post messages for you.
Nicely put. You handled this perfectly. Keep up the fantastic work. I genuinely appreciate the warnings.
I agree, thank you Sophos!
and how do they make money when all you do is click a link?
never mind – got my answer…
For anyone else who's wondering..
Companies like CPALead run online surveys on behalf of other firms, and give a cut of the money they make to affiliates who drive referral traffic to sites containing the surveys.
Some affiliates use dirty tricks (like rogue applications on Facebook) to maximise the number of people who are taken to their scams – and thus earn them more commission.
What's offensive is not only the claims, but that this is an annoying time stealer. If you see something from a friend you think it may be interesting, only to have to click a bunch of times, check whether it's really from a friend and check that you are giving permission… it all takes time, it's annoying, and the payoff is meaningless.
anything on fb that needs access to my profile etc is nothing more than crap
Just clicking it automatically makes you "like" it and it posts to your profile page without permission. As soon as I saw it was fake I closed it but too late, it had posted on my page that I "liked" it. Grrrr!
I just clicked on one and it asked me to take a survey to verify my age, it then asked me to type my phone number in the box to get my survey results. It actually signs you up to a subscription service costing $13.20 initially and then $13.20 every two days.
Any link that does something that you didn't consciously give it permission to do is malicious in my books, and it's perfectly fine to post it here as malware. It is a social virus that relies on human curiosity to flourish.
First, it shows up in your media feed as being from one of your friends. This gives it a level of trust as you believe your friend has already viewed and approved the link.
Second it asks for further permissions on a false premise. It wants you to believe it needs the permission to show you the link, but it doesn't.
Third, it seeks even more personal information by getting you to fill out a survey, which also provides funding to the scammer, yet no funding to you. Most of these online surveys can be completed through official survey organizations who reimburse YOU for your time, not someone else.
Finally, after all of this data mining, you get to see a video you could have seen yourself, without any of this.
As soon as a link does something it didn't tell me it was going to do, it gets reported and I reverse what it did. It's just wrong. With this particular link, I unliked and deleted the post it made. Damage reversed within seconds.
To the people belittling the damage this sort of application can do: I once clicked on a link apparently from a friend telling me to look at a video she had found. It turned out to be an obscene video which shared itself to my wall and the walls of ALL my friends without asking ANY permission questions. It took me hours to delete all the posts 'I' had apparently made. I work in a primary school and am very careful about the content of my Facebook page because I choose to have a few parents as friends. Can you imagine if I had not noticed straight away, or not had time to go through every friend removing posts?
People discounting the damage and pooh-poohing the article really do -not- know the programming and extent of these scams.