Another scam is being spammed out across Facebook, tricking users into helping its spread by fooling them into believing they will discover who is secretly viewing their profile.
Using a cartoon image of what appears to be a chimpanzee looking through binoculars, the messages are being sent from other Facebook users who have already fallen into the trap of clicking on the link and following the scammers’ instructions.
Clicking on the link contained inside the message (which I have obscured in the screen grab below) is a big mistake, as it takes you one step further into the criminals’ trap.
WICKED! Now you can see who views your facebook profile.. i saw my top profile stalkers and my EX is still creeping my profile every day
Checkout your PROFILE stalkers
[LINK]
Now you can see who stalks your profile daily
If you do click on the link you are taken to a third-party webpage which urges you to cut-and-paste some JavaScript code into your web browser’s address bar. The page claims that it is your unique code to view your Top 10 Profile Spys – but it’s not true at all.
This is a trick being commonly used by scammers at the moment. If you paste their code into your address bar, it will typically pass the message on to other Facebook users – including your online friends. We recently saw it deployed in a Facebook scam offering a “Dislike” button, for instance.
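The defensive counterpart of the trick described above, as an added example that is not part of the original post: a check that a paste handler or message filter could use to spot text a browser would treat as a script URL in the address bar. The function names and sample strings are constructed for illustration.

```javascript
// Added example (not from the original article). All names are hypothetical.

// URL parsers skip leading control characters and spaces, and drop
// tab/LF/CR anywhere in the input, so normalise the same way first.
// Otherwise "java<TAB>script:" or "  JaVaScRiPt:" slips past a naive match.
function normaliseForSchemeCheck(text) {
  return text
    .replace(/^[\u0000-\u0020]+/, "") // leading C0 controls and spaces
    .replace(/[\t\n\r]/g, "");        // removed wherever they appear
}

// Return the lower-cased URL scheme of the text, or null if it has none.
function schemeOf(text) {
  const m = /^([a-z][a-z0-9+.\-]*):/i.exec(normaliseForSchemeCheck(text));
  return m ? m[1].toLowerCase() : null;
}

// True when pasting this text into the address bar would run script
// in the context of the page currently open (for example, Facebook).
function isScriptPaste(text) {
  return schemeOf(text) === "javascript";
}

// Remove the scheme so the remainder is treated as plain text.
// Loops so that "javascript:javascript:..." does not survive one pass.
function neutralisePaste(text) {
  if (!isScriptPaste(text)) return text;
  let out = normaliseForSchemeCheck(text);
  while (/^javascript:/i.test(out)) {
    out = normaliseForSchemeCheck(out.slice("javascript:".length));
  }
  return out;
}

// Constructed sample inputs, harmless placeholders only.
const samples = [
  "javascript:void(0)",
  "  JaVaScRiPt:void(0)",
  "java\tscript:void(0)",
  "https://www.facebook.com/",
  "read about javascript: URLs here",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", isScriptPaste(s) ? "BLOCK" : "allow");
}
```
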
Ultimately, scams like this typically end up with you being taken to a webpage which asks you to complete a survey – and the scammers earn commission for each survey completed.
Don’t let the scammers make a monkey of you, and don’t risk spreading a scam like this to your online friends.
If you use Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 100,000 people.
Update: I’m reliably informed that the cartoon chimp is Curious George.
I found one of these scams a few weeks ago. I had a look at the JavaScript file that it executes, and was amused to discover that it was neatly formatted, commented and even had a debugging flag. If you want to have a look at the code, let me know via Twitter or email.
It’s back again! Or at least another form of this scam, I just got reeled into it and now I can’t get out… ONE POUND FIFTY PER TEXT!!!