A Naked Security reader (you know who you are – thanks!) just reported that a friend posted an unexpected message on her wall – and on the walls of numerous mutual friends. She recognised the message as a typical watch-this-video survey scam, and stayed well away from it.
The message says, “Hey, [name]!! What the heck are you doing in this video! LOL”, and links directly to a Facebook application:
You might think that clicking the link just to have a peek might be harmless enough. After all, to get infected by a rogue application and to start spamming your friends, you still need to give that app permission to act on your behalf. As long as you stop short of that final step, you’ll be OK just poking around, right?
In this case, the link – which looks legitimate enough because of the “facebook.com” domain – ends up taking you not to an application installer, but apparently directly to a video-hosting site. For a brief moment, you’ll see a web page opening with the title “Videos here – Powered by CO.CC”:
For once, perhaps you’re going to get to see the promised video before you’re asked to Like it, or to install an app, or to take a pesky survey!
Do what our Naked Security reader did. She assumed the link didn’t come from her friend, and got rid of it. How hard is that?
Remember: curiosity killed the cat.
(If you’re a member of Facebook don’t forget to join the Sophos Facebook page to stay up-to-date with the latest security news.)