You know the saying about buses - you don't see one for ages, then three come along at once.
Facebook scams and hoaxes are a bit like that, except for the "you don't see one for ages" part.
But, judging by the most popular articles on Naked Security over the past couple of weeks, large-scale hoaxes and scams do somtimes come in threes.
A trifecta of long-running Facebook falsehoods has topped the charts recently.
Firstly, it was Talking Angela, the chatbot cat that was accused of all sorts of dubious behaviour - including behaviour that isn't programmed into the software, couldn't have happened, yet was widely and regularly reported by people claiming "I saw it with my own eyes."
Secondly, it was the annual "Facebook will close from 29-31 February" hoax, circulated presumably as a joke but apparently taken seriously by some.
Now, it's the venerable "Girl killed herself video" bait-and-switch scam, already in its fifth year, that is making a reappearance.
→ Hoaxes and scams aren't the same, but they are similar in how they end up being shared over and over again. Generally, hoaxes are bogus warnings that spread because people forward them on the assumption that it's better to be safe than sorry. Scams are bogus links that spread because people forward them in return for some illusory benefit, such as access to an intriguing-sounding video.
We've written about the "Girl killed herself" video before, right back to 2010.
There are numerous variations on the theme, but the premise is often that a teenager committed suicide in shame after being caught out, perhaps by her own father, in some sort of inappropriate online activity.
There's a video, and you're invited to watch.
Here's how this sort of scam plays out, based on one of the versions circulating right now:
1. One of your friends Shares a link along the lines of "Girl killed herself live on cam."
2. It comes from a friend, so you click the link and arrive at a page that doesn't overtly claim to be affiliated with Facebook, but nevertheless uses visual clues to make it look more official than it is.
3. You're invited to Like the publisher's Facebook page, a request that seems routine and harmless enough:
4. If you take a look, the publisher's page was recently created and might best be described as uninspired and uninspiring, but it seems harmless enough, perhaps leading you into a false sense of safety. (Banality is a surprisingly good cover for scammers, when you think about it.)
5. You can skip past the Like popup, but before you watch the video, you are forced to Share it:
6. And once you have shared it, you need to answer some questions as a sort of CAPTCHA - one of those tests to prove you're a person, in this case a person who's old enough to watch adult videos:
→ CAPTCHA stands for Completely Automated Procedure for Telling Computers and Humans Apart. CAPTCHAs are challenges that are meant to be reasonably easy for humans to work out, but tricky for computers to process accurately. Examples include reading fuzzy characters against a distracting background, or answering arithmetical questions written out longhand using words, not symbols.
Except that the questions to prove you are elegibile are, in fact, pay-per-click surveys or special offer pages that clock up revenue for the scammers every time someone fills them in:
There's no video at the end. (Even if there were, you'd already have Shared the post and taken a money-making survey or been fronted by a special offer.)
That's why this sort of thing is called bait-and-switch: the video is the bait and the survey is the switch.
Other recurring themes for the bait videos that are in circulation at the moment include: "eaten by a polar bear", "hidden sex cam in toilet" and "girls fighting.'
Don't try, don't buy, don't reply
Here are three tips to help you to assist in breaking the recurring cycle of video scams.
1. Don't Share or Like anything as a prerequisite for viewing it.
We shouldn't really have to say this, but we're going to anyway.
How can you possibly say whether you like something before you know what it is?
That's absurd - it's like a notary certifying a copy of a document without sighting the original.
More importantly, why would you want to recommend something you've never seen?
And - be honest with yourself - if you were interviewing job candidates, and realised from Facebook that they were not only willing to promote odious online drivel like "hidden sex cam in toilet," but also willing to endorse such drivel without actually knowing if it even existed...
...what sort of conclusions might you draw about those candidates' reliability and attention to detail?
2. Logout from Facebook whenever you can.
It's very convenient to stay logged in to Facebook all the time, not least because it means you get to see status updates and online messages as soon as they are available.
It's especially tempting to stay logged in on your mobile device, if only because passwords are harder (and take much longer) to type in using the abbreviated onscreen keyboards found on devices such as iPhones and Androids.
But logout whenever you can.
That way, even if you do click on an inapproriate Share or Like, then you will see an unexpected Facebook login page appear as a warning.
If you have ever Liked or Shared something by mistake (you have, haven't you?), or had malware do it for you, then you will know how handy it would have been to have a chance to head off your unwanted post at the pass.
3. Think of your friends.
The reason crooks love Facebook Shares is that thay are direct endorsements to your friends.
Your friends are much more inclined to react positively to your personal on-line Facebook recommendations than, say, to unsolicited emails or obvious adverts.
To break the cycle of scams of this sort, we need to stop letting ourselves get drawn in, and we need to stop persuading our friends and family to get drawn in, too.
Are you really so hard up for amusing or interesting content online that you are willing to promote "man eaten by a snake" videos to your friends at all, let alone to promote videos that don't even exist?
Be aware before you Share!