A YouTube video is beginning to be shared widely across the internet this weekend, apparently showing a girl in a mall, who is so distracted by sending text messages on her mobile phone that she falls into a fountain.
The footage appears to be taken from CCTV security cameras and you can hear the laughter of mall employees as they watch the girl time and time again fall face first into the fountain.
(This does, of course, raise questions of privacy if the video was not staged. Should security workers really be posting CCTV footage onto YouTube for entertainment purposes? But that’s a debate which is off-topic for the purposes of this article.)
What’s of most interest to Naked Security readers is that scammers appear to be exploiting the rising popularity of the video for their own financial ends.
Experts at Sophos have discovered a rogue application on Facebook which sends links from your profile, claiming to point to the video – but which are really intended to generate income for the scammers by making you complete surveys and compromising your account to spread the links even further.
Imagine you see a message like the following posted by one of your Facebook friends. Would you click on the link?
If you were to click then you would be taken to a flashy advert for the video you are about to see:
The page reads:
GIRL FALLS IN TO FOUNTAIN BECAUSE SHES TOO BUSY TEXTING TO LOOK UP!
This is why your not supposed to text and drive or even text and WALK apparently! This chick epic failed by walking in to a water fountain because she was too busy talking on her phone to PAY ATTENTION TO WHATS IN FRONT OF HER
CLICK HERE TO WATCH THE WHOLE VIDEO!
If you do click to see more, then you are asked to give permission for a third-party Facebook application to access your account.
As you can see (if you bother to read the small print), the rogue application wants to access your name, gender, list of friends, profile picture and other information. It also requests the rights to post to your wall (including any Facebook pages you manage) and even email you directly.
Should this really be necessary in order to watch a video that’s freely available on YouTube?
Unfortunately, some people won’t worry about their privacy at this point, and will happily give an application written by complete strangers permission to access their accounts, which it then uses to spread the spammy message.
So what have the bad guys got to gain from this? Well, they try to trick you into completing a survey before you can watch the video.
Remember, the video is freely available on YouTube, where you don’t need to complete any surveys. And every time you complete the survey, you earn a little commission for the scammers who are spreading the messages. We have been in contact with Facebook’s security team, and asked them to shut down the offending pages.
So don’t make it easy for the scammers, and always be very cautious about what applications you allow to access your Facebook profile.
Here’s a YouTube video where I show you how to clean up your Facebook account if you were hit by this, or similar scams:
Keep your wits about you and stay informed about the latest scams spreading fast across Facebook. One of the best ways to do that is to join the Sophos Facebook page, where more than 50,000 people regularly share information on threats and discuss the latest security news.