Facebook is a breeding ground for scammers, cybercriminals and mischief-makers. If you don’t have your wits about you, you might be easy prey for the bad guys.
A number of Facebook-using Naked Security readers have been in touch regarding a message they have seen from their friends, pointing them to what appears to be an official-looking notice from Facebook:
Warning : Announcement from Facebook Verification Team: All Profiles must be verified before 15th June 2012 to avoid Scams under SOPA and PIPA Act. The unverified accounts will be terminated. Verify your Account by steps below.
June 15th? Isn’t that today?
It’s certainly strange that this account verification process is happening on Facebook, and yet none of the media are writing about it.
The truth, of course, is that the message is bogus. It may claim to be trying to fight “scams under [the] SOPA and PIPA Act” (it’s not clear how those would be appropriate legislation to fight scams by the way), but the truth is that the advisory is the scam itself.
Ask yourself, why would Facebook encourage you to share the advisory with your Facebook friends? Surely it’s within their power to send a message like this to all Facebook users without having to ask for your help!
And if you click on the “Verify my Account now” link, you are asked to approve a third-party app which will then have unfettered access to your Facebook profile and be able to post messages in your name.
You should always be very careful, of course, about allowing applications to read and write to your Facebook profile. And this time is no exception.
Clearly rogue applications like this could be used for scooping up personal information, or spreading spam and scams across the social network.
So if you fell for it, remove the messages from your timeline, revoke the app’s publishing rights and its access to your account, and report it as spam to Facebook.
It would also be good if you reported any sightings of the rogue app, or the posts it makes, to Facebook’s security team by labelling them as spam.
By the way, Sophos’s security products can intercept the offending webpage, and prevent you from blundering into making a bad decision.
Make sure that you keep informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos page on Facebook, where over 180,000 people regularly share information on threats and discuss the latest security news.