Bikini-clad women and photo tags aid Facebook scammers

If you're a Facebook user, please repeat after me:

Facebook doesn't let you track who is viewing your profile.

Third-party Facebook apps aren't allowed to do it either, and if they claim to offer the ability they are banned from Facebook.

Don't believe me? Here is the official word on the issue from Facebook itself:

Facebook statement

And yet, we continue to see scams spread far and wide across Facebook claiming to offer the functionality.

See this example, for instance, which tags a photograph of a woman sunbathing in her bikini with the names of Facebook users.

Bikini-wearing woman profile view Facebook scam

Because the photograph has been tagged with the names of Facebook users, they will see it appear in their newsfeed and will - no doubt - be curious to find out more.

Profile view scam

A comment on the photograph claims to point to a way for Facebook users to see who has been viewing their profile. The girl in the bikini was being used as tempting bait, just to bring traffic towards that link.

(You're probably thinking by now - wouldn't it be nice if Facebook gave its users the ability to opt out of all photo tagging, or to choose never to be tagged in a photo without their permission? And yes, it would be a very good idea - but Facebook seems less than keen to implement it.)

If you're foolhardy enough to click on the link, you are taken through the process of adding a third party application - handing it the keys, effectively, to your profile and authorising it to post messages, photos and notes to your Facebook wall.

Rogue Facebook application

Of course, if you give it such permission it will simply perpetuate the scam - spreading it onto your friends using your and their names.

The purpose of all this subterfuge? To trick you into taking an online survey - which earns commission for the scammers.

Survey Scam

Remember - you should always think twice (and maybe three times!) before allowing an application to access your Facebook profile, as there are many rogue apps designed purely to make money for the scammers and spread their viral schemes to as many users as possible.

Photo tagging pictures of women wearing bikinis isn't the only way that the scammers bring traffic to their campaigns, of course. They still find old faithfuls, such as viral status messages, an effective means to spread enticing news of a way to view who has been viewing your profile.

Here's just such a scam spreading on Facebook as I write:


WOW l cant believe that u can see who ls viewing your profile! l just checked my TOP profile visitors and l am SHOCKED at who ls still checking my profile! You can also see WHO VIEWED YOUR PROFILE here: [LINK]

Make sure that you stay informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos Facebook page, where more than 100,000 people regularly share information on threats and discuss the latest security news.

You could also do a lot worse than check out our best practices for better privacy and security on Facebook guide.

Hat-tip: Thanks to Naked Security reader Heidi for first alerting us to the bikini photo-tagging scam by sending us a tip.


4 Responses to Bikini-clad women and photo tags aid Facebook scammers

  1. Anonymous regular · 1505 days ago

    An interesting thing has been happening to me on Facebook, Graham and I thought you'd be interested too.

    Several months ago I got a message via Friends Reunited from the wife of my biological father, whom I haven't seen or heard from since I was 5 years old, asking if I wanted to get in touch with him. I offered her my email address (the same I use on Facebook) so he could get in touch with me.

    Recently, on quite a number of occasions, I have been having her profile show up on Facebook as one of the "people you might know" suggestions.

    Now I can tell you with 100% certainty that I have no on-line connections with her other than the Friends Reunited message nor any with my father for over 30 years except by email. Our lives (and families) have been totally separate and there are no Facebook connections, even remotely, that I know of.

    Why would her profile (or at least someone with the same name) now keep regularly coming up on "people you might know" suggestion lists?

    The only answer I can think of is that his wife used my email address to search for my Facebook profile and perhaps has been regularly viewing it (since most of it is public and I haven't received any friend requests from her). It would seem Facebook is using this fact of searching with an email address as a part of its algorithm for suggesting people we might know.

    So, if this is true, in one sense it may be possible to know (or at least guess) who is looking at your profile or using your email address to search for you.

    It also suggests that people should be aware that if they use an email address to search for someone.

    It might be useful for people to realise that such actions may not be as private as they think!

    • Mark Bamford · 1502 days ago

      Facebook has the facility to load your email address book to automatically look for people on Facebook with those addresses listed on their account. If anyone loads their address book with your email address in it, their profile will be suggested as someone you may know. Simple as that.

      • Anonymous regular · 1500 days ago

        That makes sense. Still potentially a privacy concern, albeit perhaps not as big as others. Facebook, I presume, does not offer the option to search for others under the radar without FB suggesting you to others, I bet. How many addresses do people have on their address book of people they are no longer in contact with or business/job contacts?

        Use of such tools should then be done with care if you want to keep your profile relatively hidden and low profile.

  2. Guest · 1504 days ago

    Simple solution.....delete your account from Facebook. No more scams...


About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley