Have you found yourself tagged in a friend’s photo album on Facebook? Are the pictures of food sold at the Olive Garden restaurant chain?
If so, be very careful where you click.
Olive Garden Restaurant is giving out free dinners for a full month! Pickup yours today !!!
Olive Garden is supplying free dinner plates for one month! Pick up your food now!!
Olive Garden Restaurant is giving out complementary dinners for a full month!! Get your meals this instant! [LINK]
Unfortunately, Facebook doesn’t prevent third-party applications from tagging your friends’ names onto photos on your wall – even if there are no people pictured in the photograph! In this way, scammers can spread messages and adverts virally across Facebook with a high level of confidence that your friends will see them.
So what happens if you click on the link used in the captions on the photographs?
First thing you’ll find is that you’re taken to a page which attempts to convince you to authorise a rogue application. This is important for the scammers – if you allow their app to access your Facebook page they can then use *your* page and target *your* friends with their scam – spreading it further across the social network.
So, please don’t allow apps like this to access your profile – Don’t press “Allow”.
If you did allow the app to run, then it will create an album on your Facebook profile, containing images of Olive Garden food and tag your Facebook friends – sharing the images with them.
This is not only likely to raise the ire of your Facebook friends, it may also put them at risk of having their Facebook accounts compromised also.
Next on the menu for the scammers is to make some money out of you – they do this by taking you to a webpage which contains a survey scam (they earn money for each survey completed) or other affiliate offers.
Here’s the example I ended up at when I used my Facebook researcher account to investigate this scam:
There’s no reason, by the way, to believe that the Olive Garden restaurant group is involved in this scam. As far as we can tell, they appear to be innocent victims – having their brand name abused in this fashion.
We’ve seen scammers abuse Facebook in similar ways before, tagging photographs claiming to promote Twilight Breaking Dawn games, and images of Playboy-style bunny girls, but it can also be done with plates of food!
If you’ve been hit by a scam like this, revoke the rogue application’s access rights and delete the offending photo album.
Unfortunately, for reasons best known to itself, Facebook doesn’t allow you to stop people (and applications) from tagging photos with your name in the first place.
This feels to me like a basic privacy option that is essential for Facebook, but there’s no sign that they’re going to add it anytime soon. In fact, they’re introducing a technology which will automatically tag photographs using facial recognition software. Yuck.
You can learn more about how to best configure Facebook’s settings to protect your privacy in our online guide.
If you don’t want to get caught out again, or simply want to learn more about security threats on the social network and elsewhere on the internet, I would strongly recommend you join the Sophos Facebook page where we provide early warnings about such attacks.
Hat-tip: Thanks to Naked Security reader Andrea Behrens for helping us with this article, and the many other readers who took the time to write to us about this scam.