Every day the team at Naked Security is deluged with emails from Facebook users reporting the latest scams that they have seen spreading via the social network.
Although we write about some of these, we simply don’t have enough hours in the day to document all of them – so we try to stick to the ones that are particularly widespread or worthy of interest.
This morning I came across a Facebook scam which used a slightly different piece of social engineering to trick you into participating in its revenue-generating online survey.
As you’ll have noted if you have been reading our recent articles, we’ve noticed a rise in the number of Facebook users whose accounts are spreading messages regarding a supposed webcam video of a girl committing suicide.
Here’s an example of just such a scam that we saw this morning:
Jessy, 22 yrs Girl from Miami committed Suicide before a Cam after breakup. First time a Live suicide death video of true lovers in the history on a Cam [LINK]
So far, so normal. The link points to a rogue application that tricks you into granting it permission to post to your Facebook wall.
Clicking on “Approve” isn’t the wisest of ideas, because you’re allowing complete strangers to post messages – via the rogue application – to your Facebook page. These messages then get seen by your Facebook friends, and in this way the message can spread virally and rapidly across the social network.
Again, there’s been nothing unusual so far.
Now, when testing this particular rogue application, I happened to use a bogus Facebook account called “Zack Muckerburg”. And this is where we can see that the scammers are using a new trick.
My test account’s name and the avatar I created for Zack are clearly displayed in the webpage that the scam displays:
The message reads:
Please Verify That You are [NAME]
Helping To Protect Your Identity and Personal Information
Of course, if you were the Facebook user who had clicked on the link you would have seen your name and profile picture there – it’s the scammers’ way of trying to trick you into participating in their survey.
And the online survey being run by the scammers earns them cash for every questionnaire that is completed.
By using your personal information (your name and profile picture, in this case), which was extracted from your account, the scammers hope to look more authentic. Their belief is that you are more likely to take the survey if they can convince you that they are somehow affiliated with Facebook.
Meanwhile, the rogue app has posted the viral link onto your Facebook wall. Here’s the example from poor old Zack Muckerberg.
If you have been hit by scams like this on Facebook, and are struggling to clean up your profile, here’s a YouTube video I made which describes what steps you need to take:
By the way, it’s not just through the use of rogue applications that we are seeing scams spread across Facebook. In the last week or so we have seen a marked resurgence in “clickjacking”, where you can be tricked into saying you “Like” a link or webpage simply by clicking anywhere on the offending page. If you’ve seen mysterious “Likes” appear on your newsfeed, without your explicit approval, this is likely to be the reason.
Make sure that you keep informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos page on Facebook, where over 60,000 people regularly share information on threats and discuss the latest security news.
You could also do a lot worse than check out our best practices for better privacy and security on Facebook guide.