Valentine’s Day scams spread virally on Facebook


With Valentine’s Day approaching on February 14th, scammers on Facebook are ramping up their efforts to take advantage of the traditional day of love to make a quick buck out of unsuspecting users.

Facebook users are being tricked into clicking on messages that they believe their online friends have posted, saying who their Valentine will be in 2011 or how to put a heart or love poem on their sweetheart’s wall.

Valentine's Day scam message on Facebook

Is there a girl/boy you really like? why not show him/her via Facebook! give him/her a Love Poem and a Love Heart straight to his/her wall! Get Started Here: [LINK]

Find your Valentine

My Valentine this 2011 is going to be [NAME] :) See yours now! [LINK]/valentine

My Valentine date this 2011 is going to be [NAME]! Learn who yours will be now- [LINK]

Sophos has identified rogue Facebook applications with names such as Valentine’s Day and Special Valentine which are responsible for the messages, but it is possible that the scammers could have created others which use similarly love-themed messages.

If you make the mistake of clicking on the link you are taken to a splash screen which displays a teaser. Here’s one example, where the application claims it will “generate a random poem and send to one or many friends you select”.

According to this splash screen, the application has 220,673 monthly users – which may make you think that there’s nothing to be suspicious about.

Valentine's Day scam splash screen

Here’s the splash screen of another rogue Valentine’s Day application, which claims to have almost 7.5 million monthly active users:

Find Valentine

However, the third-party Valentine’s Day Facebook applications are rogue apps, trying to trick you into agreeing to give them the ability to post status messages to your wall as well as gather information about you including your name, photograph, gender and information about your friends.

Rogue Valentine's Day Facebook app

Clicking on “Allow” is a desperately bad idea, but plenty of Facebook users already have. What they don’t realise is that application craftily and instantly posts the message advertising the rogue app to your Facebook wall, hoping to draw your online friends into the money-making scheme.

Because the scammers are not really interested in your budding romance. They just want to make money. And they do that by tricking you into taking an online survey disguised as a “Facebook Anti-Spam Verification” dialog box.

Valentine's Day survey scam on Facebook

The scammers, of course, earn commission every time a survey is completed. This is a trick which they are using time and time again on Facebook, earning themselves cash by duping unsuspecting users into taking their surveys. Some surveys even ask you for your mobile phone number, and then sign you up for an expensive premium rate service.

As Valentine’s Day draws closer we can expect to see more and more scammers and cybercriminals attempt to exploit it – and not just on Facebook, in the past hackers have taken advantage of the international day of love to spread malicious ecards and trick users into running dangerous code on their computers. Make sure you keep your feet on the ground about your computer’s security.

If you have been hit by scams like this on Facebook, and are struggling to clean-up your profile, here’s a YouTube video I made which describes what steps you need to take:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

Make sure that you keep informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos page on Facebook, where over 60,000 people regularly share information on threats and discuss the latest security news.