Following the “11.6 hours” scam which flourished on Twitter yesterday, you would hope that everyone would be wise to the threat of allowing unknown apps unfettered rights to post to your social networking account.
However, I wouldn’t be surprised if we see more and more scams which attempt to increase their chances of success by targeting both Facebook and Twitter users at the same time.
For example, here’s a scam which is spreading virally on Facebook right now.
Cool,man I cannot believe that you can see who is viewing your profile. ! I just saw my top 10 profile stalkers and I am SHOCKED that my Ex is still viewing my profile :O ! You can see WHO VIEWED YOUR PROFILE here--[LINK]
If you click on the link you’ll ultimately share the link from your own account and be required to take a revenue-generating survey scam. We’ve discussed these sorts of scams many times before, of course, and provided details of how to clean up your Facebook profile afterwards.
Meanwhile, earlier today, a very similarly phrased scam was spreading on Twitter with the same intention of making money for the bad guys.
I just viewed my TOP 10 Profile STALKERS - [LINK]
The good news is that the links being used by this scam on Twitter appear to have now been blocked by bit.ly (although they may, of course, spring up again under a different guise). If you did manage to reach the destination that the scammers wanted, however, you would have been urged to connect a third-party application with your Twitter account.
Giving permission to such an app is just what the scammers want, and the app doesn’t waste any time exploiting the opportunity to post to your Twitter account – spreading its link even wider.
Meanwhile, the promise of discovering who your top 10 profile stalkers on Twitter are might be enough to tempt you into taking a survey which earns money for the scammers.
Needless to say, you never do find out who has really viewed your Facebook page or Twitter profile – but you have helped put some cash in the pocket of the scammers.
Don’t encourage them to distribute scams like this, and always exercise caution about which third-party apps you allow to connect with your social networking accounts.
If you’re on Twitter and want to learn more about threats, be sure to follow Naked Security’s team of writers. Meanwhile, Facebook users would be wise to join the Sophos Facebook page, where we give early warning about new threats.
You people are just great. Keep it up, guys.
Why doesn't Facebook detect and block these scams immediately? Are they getting a piece of the ill-gotten proceeds?
If you guys ever take notice of who is serving these ads… 99% of these survey spammers are from CPALead.com. It's surprising no one has looked into that – why is that affiliate program not making an effort to reduce this behavior? Seems like they are encouraging it instead.
You may find this of interest: http://nakedsecurity.sophos.com/2010/10/22/facebo…
Graham,
If you take note of the case – it is fully resolved and the defendant only paid an $85,00 fine. That's nothing.
Is this just? I don't think so. Just saying.
Yeah, I tried, but blocked it when I saw that it wanted me to do a survey…
All these scammers come from CPALead – you can buy the scripts which do this for about $30, and they're regularly updated. I was a member of CPALead, just as a bit of blackhat research and people were earning upwards of $10,000 per DAY (people can announce their earnings via chat, and the earnings are pulled from the CPALead database). They all share their techniques and actively help each other pull off these survey scams.
After Facebook changed some of their algorithms for detecting spam (and introducing the requirements for verifying accounts) people found it much more difficult to actually do it. But then people pop up selling hundreds of Facebook accounts with verified details and a full profile for a couple of dollars a pop.
Just a bit more information, there are two major competing apps, one called TinieApp and the other is by a guy who calls himself FB Expert.
I'm surprised Facebook haven't detected footprints for these scripts (I have both scripts and the code they output is easily detectable).
The image you have in your blog article for the "Anti Spam survey" is a default image that comes with one of these apps (I've forgotten which specific app it is). The reason why CPA Lead is not cracking down on these guys is because they are making tens of thousands of dollars from them every day. Their recent party in Las Vegas where they raffled off the owner's Maserati is testament to that.
This is all just the beginning of the spam chain, once the survey is filled in all the data that has been collected is used by unscrupulous individuals/companies to spam and get people to sign up to premium services which are very hard to unsubscribe from. These companies are paying up to $3/$4 per survey filled – they wouldn't be doing this if they weren't making significant gains on that investment.
I have to be honest, I did look into all of this as a way to make money, but I couldn't morally do it – I just imagined my mother filling in a survey and getting spammed to death while losing a lot of money in the process.
Scam is still going round on Twitter — someone I follow was infected tonight. As the scam was using bit.ly links, I told them on Twitter @bitly. The malicious links had stopped working within ten minutes! Was very impressed.
I actually see the top ten stalkers post via mobile, but if I go in via web on my home PC that same post is not showing up. I am quite well versed on these types of scams so I have no idea how it's showing up on my mobile profile page but on the online page it isn't there.
I really love this blog, I read it all the time. I actually got this spamming link on my Facebook and I couldn't remove it at the beginning. Someone tagged me and it was stuck. I finally was able to get rid of it. When are all these spammers going to go away? I dream of a day when spammers and virus creators will find other things to keep them busy.
I got caught!!! What do I do now?
My friend told me to go on the exact same website and it told me I was the 800th person to visit the website so I won a free iPad 2. But it screwed up my Facebook account! I can't delete pictures because the website sends you a pic of who your top stalker is and you can't delete it. But it said it was my aunt that was the top stalker and she visits Facebook like every couple of months so they are lying too! I AM SO MAD!!!!!!!!
Someone really is stalking my profile. They call me too and harass me. How do I take care of this problem? I can't go to the cops because I don't know who it is; all I know is it's someone from Texas.