PREVENTING SPAM scam on Facebook does exactly the opposite

12 May 2011 · Facebook, Phishing, Social networks, Spam

Post navigation

Previous: Free T-shirts? It’s not a scam, it’s #decodeme again!
Next: Facebook announces new security features – but do they go far enough?
by Paul Ducklin

If you’re seeing Facebook messages asking you to “do your part in PREVENTING SPAM by VERIFYING YOUR ACCOUNT,” don’t do so – you’d be creating spam, not stopping it!

The messages look something like this:

Usually, however, the clickable links at the bottom of messages on your Wall – highlighted in pink below – should look like this:

The scammers have relabelled the “Share” link as “== VERIFY MY ACCOUNT ==”. The link still does what Share always did, so clicking it re-posts the message to your own Wall without your realising that you have just shared it; it also pulls in a raft of heavily obfuscated JavaScript from a site in the .info domain. (Sophos’s endpoint and web gateway products block that site.)
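To make the trick concrete, here is an added example, not code from the article, from Sophos or from Facebook: a small client-side audit that pulls the action links out of a wall post, flags any whose visible label is not one of the expected Like/Comment/Share actions, flags links that leave the site, and flags scripts loaded from a third-party host. The post markup and the hostnames (`www.facebook.com` as first party, `verify-account.example.info` as the scam site) are constructed for the example and do not reproduce Facebook’s real DOM or the real .info site.

```javascript
// Added example (not from the article, Sophos or Facebook): audit a wall
// post for a relabelled action link and for third-party script loads.
// The markup, hosts and URLs below are constructed stand-ins.

const BASE_URL = "https://www.facebook.com/";           // assumed first party
const FIRST_PARTY_HOSTS = new Set(["facebook.com", "www.facebook.com"]);
const EXPECTED_ACTIONS = new Set(["like", "comment", "share"]);

// Resolve a (possibly relative) href against the site and return its host.
function hostOf(url) {
  try {
    return new URL(url, BASE_URL).hostname.toLowerCase();
  } catch (_e) {
    return null; // unparseable href: caller treats it as untrusted
  }
}

// Extract <a href="...">label</a> pairs from the post's action bar only,
// so body text and comments do not produce false positives.
function actionLinks(postHtml) {
  const bar = postHtml.match(/<span class="actions">([\s\S]*?)<\/span>/i);
  if (!bar) return [];
  const links = [];
  const re = /<a\s+[^>]*href="([^"]*)"[^>]*>([^<]*)<\/a>/gi;
  let m;
  while ((m = re.exec(bar[1])) !== null) {
    links.push({ href: m[1], label: m[2].trim() });
  }
  return links;
}

// Every external script the post markup pulls in.
function scriptSources(postHtml) {
  const srcs = [];
  const re = /<script\s+[^>]*src="([^"]*)"/gi;
  let m;
  while ((m = re.exec(postHtml)) !== null) srcs.push(m[1]);
  return srcs;
}

function auditPost(postHtml) {
  const findings = [];
  for (const { href, label } of actionLinks(postHtml)) {
    // "== VERIFY MY ACCOUNT ==" normalises to "verify my account"
    const norm = label.replace(/[^A-Za-z ]/g, "").trim().toLowerCase();
    if (!EXPECTED_ACTIONS.has(norm)) {
      findings.push(`relabelled action link: "${label}" -> ${href}`);
    }
    const host = hostOf(href);
    if (host === null || !FIRST_PARTY_HOSTS.has(host)) {
      findings.push(`action link leaves the site: ${href}`);
    }
  }
  for (const src of scriptSources(postHtml)) {
    const host = hostOf(src);
    if (host === null || !FIRST_PARTY_HOSTS.has(host)) {
      findings.push(`third-party script loaded from post: ${src}`);
    }
  }
  return findings;
}

// Constructed sample posts (simplified; not Facebook's real markup).
const LEGIT_POST = `
<div class="post">
  <p>Photos from the weekend walk.</p>
  <span class="actions">
    <a href="/ajax/like?post=1">Like</a> ·
    <a href="/ajax/comment?post=1">Comment</a> ·
    <a href="/ajax/share?post=1">Share</a>
  </span>
</div>`;

const SCAM_POST = `
<div class="post">
  <p>Do your part in PREVENTING SPAM by VERIFYING YOUR ACCOUNT.</p>
  <span class="actions">
    <a href="/ajax/like?post=2">Like</a> ·
    <a href="/ajax/comment?post=2">Comment</a> ·
    <a href="/ajax/share?post=2">== VERIFY MY ACCOUNT ==</a>
  </span>
  <script src="http://verify-account.example.info/v.js"></script>
</div>`;

console.log(auditPost(LEGIT_POST)); // []
console.log(auditPost(SCAM_POST));  // relabelled Share link + third-party script
```

The label check is deliberately a whitelist: anything that is not one of the three known actions is suspicious, which is the same rule the third lesson below asks readers to apply by eye. A real deployment would hook the live DOM (for instance with a MutationObserver) rather than run regular expressions over HTML strings, and would need its first-party host list kept current as the site changes.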

With all the unexpected Sharing going on, this message has spread like wild-fire. Instead of preventing spam, this particular campaign has been generating it at astonishing rates.

The good news is that Facebook seems to have taken some action to prevent the “Share” button being replaced in these messages. Since a few minutes ago, malicious messages appear with no links at all, like this:

The lessons to be learned from this outbreak of spam are as follows:

* Assume that messages which ask you to verify your account by clicking on a link are false. You wouldn’t (I hope) click on links in emails which claimed to come from your bank trying to panic you about your account. That would be a classic phishing scam using a false site to steal your username and password. So don’t trust that sort of link on Facebook, either.

* When you take some action on Facebook which doesn’t deliver what was promised – for example, if you end up Sharing or Liking something you didn’t intend to, or if you click through to an offer or competition which suddenly morphs into something completely different (a bait-and-switch) – assume you have been tricked. Review the side-effects of your actions. Remove any applications you may trustingly have accepted; unlike things you didn’t mean to like; and delete posts you didn’t intend to make.

* Be wary of unexpected changes to Facebook’s interface for Liking, Commenting, Sharing and so forth. Unfortunately, the nature of social networking sites is that they like to undergo rapid change. Cybercrooks exploit this by assuming that you accept ongoing changes as “part of how things work”. Don’t do so. If you see something different, check with an official source to see if it’s expected or not.

If sufficiently many Facebook users dig their heels in every time Facebook makes a gratuitous or confusing change in its interface, its privacy settings or its feature set, then it’s possible that Facebook will learn to adapt in ways which best suit the privacy and safety of its users, instead of adapting to improve its traffic and benefit its paying customers.

(Remember that as a Facebook user, you aren’t a customer. You’re effectively an informal employee, paid not in cash but in kind. Your “wage” is free access to the Facebook system. Your clicks generate the value for which Facebook can charge its customers – the advertisers who benefit from the fact that you use the network at all. Don’t sell yourself short.)

If you use Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 80,000 people.



11 comments on “PREVENTING SPAM scam on Facebook does exactly the opposite”

  1. Peter L says:
    May 12, 2011 at 8:53 am

    Curious that these messages are sent 'via iPhone', even when the user is known not to have one…

    Reply
    • yakulto says:
      May 12, 2011 at 9:09 am

      It was using the application ID of the Facebook for iPhone app to send the many requests that people started churning out after clicking the link.

      Reply
  2. yakulto says:
    May 12, 2011 at 9:01 am

    Facebook also deleted posts matching the exact text of the spam postings. I reposted it as plain text (without the offending link) and the post suddenly disappeared from my wall.

    I am also surprised to learn that the JavaScript was obfuscated? I tracked down a copy of the JavaScript in plain text while trying to analyse the spam.

    Reply
  3. yakulto says:
    May 12, 2011 at 9:08 am

    … and they put in a CAPTCHA if you type the phrase "VERIFY MY ACCOUNT" into your status.

    Reply
  4. Philip Verghese 'Ariel says:
    May 12, 2011 at 10:21 am

    Hi Sophos, thanks a lot for this great alert. Keep us informed.
    I am a victim of this type of scam on Facebook. The other day someone posted a video with a catchy headline on my page, and I just opened it, and it went on to all my contacts' pages. I tried to remove it, all in vain, and within a fraction of a second I received a message from Facebook that I was banned for a few hours for this activity. Indeed, I am innocent in this, and the great Facebook blamed me for it. What I feel is pure negligence of Facebook, which allows such scam videos on their pages. Now I am happy to know from this post that they have taken some quick action to stop such scam or virus activity by others. Thanks Sophos for the alert; I noticed this from my friend Gust Mees’s page. Thanks Gust for the alert. Keep us informed. Facebook said a few hours' ban, but now almost 24 hours are over and I am still in a dilemma: I can't post any link directly. Hey, is any Facebook admin hearing this cry? LOL

    Reply
  5. Peter Merrill says:
    May 12, 2011 at 1:11 pm

    Who is dumb enough to fall for that anyway? Of course I’m not going to think I have to verify my account if a friend of mine posts it. Anyone that fell for this should be removed from society, for they spend way too much time on Facebook and have learned a horrible impulsive mannerism.

    Reply
  6. Paula says:
    May 12, 2011 at 7:32 pm

    I am having a problem. I can't go back to older posts when I get on to check what I missed for the day. If I click on older posts I get sent back to the top of my wall. I can only access older posts when I use the secure setting (HTTPS in green). If I play a game it removes this setting and I can't access the older posts. This was never like this until this week. Do I have a virus? My friends don't have this problem. Is there a fix? Thanks.

    Reply
  8. Toni Aull says:
    May 12, 2011 at 10:58 pm

    I have had an FB friend post this shared link on my wall and did not care to click on it; therefore I am SAFE…
    Thank you

    Reply
  9. Smith says:
    May 13, 2011 at 5:04 am

    Having the same problem as Paula: can't access older posts. I only have about 10 on my computer, but I can view them all from the mobile app on my phone. Is it connected to this virus?

    Reply
  10. @jonny_boy27 says:
    May 13, 2011 at 11:14 am

    Simplest way of dealing with this: remove people who fall for this sort of scam – they're clearly not very bright and so probably won't have anything interesting to say, anyway.

    Reply

© 1997 - 2022 Sophos Ltd. All rights reserved. Powered by WordPress VIP