Have your Facebook friends invited you to switch your boring blue Facebook profile to an attractive shade of red, black or shocking pink?
Judging by the number of messages the Naked Security team has received from Facebook users struck by the scam in the last few days, many social networking users must have seen similar messages to the following:
Switch to Pink Facebook (Limited Time!)
Say goodbye to the boring blue profile and say hello to the pink profile!!
Switch to Red Facebook (Limited Time!)
Say goodbye to the boring blue profile and say hello to the red profile!!
So what happens if you click on one of these links? Well, typically, you are told that you must take multiple steps to receive your different hue of Facebook.
Firstly, you are told to share the link with your online friends. This should be the first indication that something is amiss – after all, what legitimate feature or organisation would require you to share news of it *before* you have actually experienced what – if anything – it can do for you?
Secondly, you are asked to leave a comment – extolling the wonderfulness of your new pink or red Facebook. Remember – at this point your Facebook is still decidedly blue. Any comment you leave will, of course, act as an endorsement and could be seen by your online friends and encourage them to also participate.
Predictably, the point of all of this sharing is to drive more traffic to the scammers’ link where an online survey will pop up. The more people who take the survey, the more commission the scammers will earn.
That’s not to say, of course, that it’s impossible to turn your Facebook pink, red or black if you really want to. For instance, there are a number of GreaseMonkey scripts which will work alongside the Firefox web browser to customise the look of Facebook – just as the look of eBay or GMail can be similarly changed on the fly if you choose.
Clearly there’s a demand for such customisation – even if it serves no practical purpose. But just make sure that your hunger for a pink-themed Facebook doesn’t lead you into a scheme designed purely to earn money for scammers.
If you’re one of the many people who fell for this or similar scams, please check your Facebook page to ensure that you are not spreading any messages to your online friends and ensure that you have revoked any Facebook applications, events and “like”d pages that you are uncomfortable with.
If you use Facebook and want to get an early warning about the latest attacks, you should join the Sophos Facebook page where we have a thriving community of over 150,000 people.