Facebook users are being hit today by a new incarnation of a virally-spreading survey scam that has already claimed many scalps.
You may see messages from your Facebook friends like the following:
LOL !! Me cant believe that you can see who is viewing your profile! I can see the TOP 10 people and I am really OPENMOUTHED that my EX is still checking me every hour. You can also see WH0 CHECKS YOUR PR0FILE here-> [LINK]
Another version reads:
I cant believe that you can see who is viewing your profile! I can see the TOP 10 people and I am really OPENMOUTHED that my EX is still checking me every hour.You can also see WH0 CHECKS YOUR PR0FILE here @ [LINK]
If so, whatever you do, don’t click on the link. If you do make the mistake of clicking, you will be asked to authorise a rogue third-party application – which demands access to your Facebook profile.
If you give it permission (perhaps in the hope of finding out who has been viewing your Facebook profile) then you are giving it the right to post messages to your wall. And it will abuse that permission immediately, in an attempt to get your Facebook friends to click on the same link.
Meanwhile, you will find yourself faced by an online survey – designed to generate commission for the scammers.
Notice how the page has used a GEO IP lookup (it believes I am living near Reading in the UK) to try to lure me into believing that a sultry brunette might have been checking out my Facebook page. Yeah, as if..
In addition, there’s interesting use of the Windows Security Center’s shield icon – perhaps it’s being used to try to trick victims into believing that the survey is legitimate.
The fact is, however, that there’s no way of finding out who has been viewing your Facebook page – and any application which claims it is going to tell you who has been stalking your Facebook profile is lying.
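The two message variants quoted above differ by only a few words, so a filter can group them as one campaign by comparing word sequences instead of exact text. The sketch below is an added example, not code from Sophos or Facebook; the function names, the digit-swap table beyond "0" for "o", the 0.6 threshold and the last two sample posts are assumptions constructed for illustration.

```python
import re

# Digit-for-letter swaps. "0" for "o" appears in the lure text quoted above
# ("WH0", "PR0FILE"); the other mappings are assumptions.
SWAPS = str.maketrans("013457", "oleast")

def normalize(post):
    """Lowercase, drop links, undo digit swaps inside words, return word list."""
    text = re.sub(r"\[link\]|https?://\S+", " ", post.lower())
    words = re.findall(r"[a-z0-9]+", text)
    # Pure numbers ("10") stay as they are; only mixed tokens ("wh0") are mapped.
    return [w if w.isdigit() else w.translate(SWAPS) for w in words]

def shingles(words, k=3):
    """Set of overlapping k-word runs: the fingerprint of one post."""
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

def similarity(a, b):
    """Jaccard similarity of two posts' shingle sets, from 0.0 to 1.0."""
    sa, sb = shingles(normalize(a)), shingles(normalize(b))
    return len(sa & sb) / len(sa | sb) if sa | sb else 0.0

def cluster(posts, threshold=0.6):
    """Greedy grouping: a post joins the first group whose first post it resembles."""
    groups = []
    for i, post in enumerate(posts):
        for group in groups:
            if similarity(posts[group[0]], post) >= threshold:
                group.append(i)
                break
        else:
            groups.append([i])
    return groups

POSTS = [
    # The two variants quoted in the article.
    "LOL !! Me cant believe that you can see who is viewing your profile! I can see the TOP 10 people and I am really OPENMOUTHED that my EX is still checking me every hour. You can also see WH0 CHECKS YOUR PR0FILE here-> [LINK]",
    "I cant believe that you can see who is viewing your profile! I can see the TOP 10 people and I am really OPENMOUTHED that my EX is still checking me every hour.You can also see WH0 CHECKS YOUR PR0FILE here @ [LINK]",
    # Constructed: same lure without digit swaps and with a placeholder URL.
    "I cant believe that you can see who is viewing your profile! I can see the TOP 10 people and I am really OPENMOUTHED that my EX is still checking me every hour. You can also see WHO CHECKS YOUR PROFILE here: http://example.invalid/top10",
    # Constructed: an unrelated, ordinary post.
    "Had a great weekend at the lake, photos are on my profile if you want to see them.",
]

if __name__ == "__main__":
    for group in cluster(POSTS):
        print(group, [round(similarity(POSTS[group[0]], POSTS[i]), 2) for i in group])
```

Grouping on the normalized text means a reworded opening or a different link does not hide that the posts belong to the same scam.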
If you’ve been affected by this scam, you should clean up your account before any further damage is done.
I’ve made a YouTube video where I show you how to clean up your Facebook account if you were hit by this, or similar scams on Facebook:
Make sure that you stay informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos Facebook page, where more than 70,000 people regularly share information on threats and discuss the latest security news.
You could also do a lot worse than check out our best practices for better privacy and security on Facebook guide.
I have found that apps do not always need you to actually click "allow". In fact, clicking the link was enough to spread one a month or so ago, i.e. the "how much time do you spend on FB" link. So is there a way to stop this, or is it as simple as "do not click on links"?
That is something I would like to know: how it was possible. All you had to do was click on a link in a friend's post.
Why don't the host sites like Facebook do something to prevent this?
For example:
I had a Google redirect bug that drove me insane for a week, then I finally figured out how to get rid of it. Google should be able to stop that and it seems like they don't want to be bothered.
That leaves me thinking that they want it to happen.
Viruses – who wants them? Only the anti-virus people.
Without the virus makers there is NO NEED for the anti-virus people.
See where it goes? $$$
A redirect is not Google's responsibility, nor would they know you are being "re-directed"; it's malware. I suggest using a free home version of Ad-Aware for spyware/malware and AVG free home version for general virus protection.
Good luck!
What I don't understand is: how do these things actually harm you? I know they're really annoying, but of what benefit are they to the makers of them? Are they just annoying, or can they damage my computer? I never do anything that asks me to 'allow' anyway.