18 months later, and Facebook Profile Viewer rogue apps still successfully tricking users

Back in January 2011, I wrote an article bemoaning the state of Facebook security, and specifically its apparent inability to stamp out fake messages which claim to let you find out who has viewed your Facebook profile.

18 months on, and has anything changed?

Seemingly not, judging by the messages many Facebook users are seeing in their newsfeed.

Profile viewer scam message

COOL!! i cant believe its real and official we can now see who's viewing our profile, Check Who's Viewing Your Profile here: [LINK]

Here are some other variations, where the messages are being spread via shared photos on the social network:

Profile viewer scam message

Profile viewer scam message

Typically such messages, shared with you by your already-duped Facebook friends, lead to a rogue application or money-making online survey.

Once you have handed access of your account over to a rogue app, the scammers behind it can post whatever they like to your profile – including spammy and malicious links.

Profile viewer scam message

And these scams aren’t just a problem today – there has been a constant stream of them hitting the accounts of innocent Facebook users, day after day, week after week.

I’m sure Facebook’s security team have the best intentions, but my guess is that they are putting less focus on rogue apps and survey scams than on other attacks against the site’s 900 million users. These scams may not be as serious as Facebook-aware malware or site-wide vulnerabilities, but they still need to be dealt with.

Facebook isn’t prepared to vet apps, leaving the door open for anyone to write a rogue application that can be used to hijack the accounts of the unwary.

Rogue applications can be used to scoop up personal information, or to spread spam and scams rapidly across the social network. If you mistakenly installed a rogue app, remove the messages it posted from your timeline, revoke the app’s publishing rights, report it as spam to Facebook, and make sure that you have revoked its access to your account entirely.

And don’t forget – Facebook does not give you any way to find out who has been viewing your profile. Any application or link which claims it can reveal who has viewed your profile should be treated with great suspicion.

Make sure that you keep informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos page on Facebook, where over 180,000 people regularly share information on threats and discuss the latest security news.