My 1st St@tus scam hits Facebook users hard, spreads virally

Thousands upon thousands of Facebook users have been hit by a new survey scam spreading virally across the social network.

Messages claiming to be users’ first ever Facebook status updates are being posted on users’ walls by a rogue application, designed to earn revenue for the scammers behind the attack.

Here’s what some typical messages look like:

My 1st St@tus

My 1st St@tus was: "[random message]". This was posted on [random date]

Find your 1st St@tus @ [LINK]

If you click on the link you are taken to a rogue Facebook application, which asks you to give it permission to access your profile, which includes giving it the ability to post from your account in your name.

Sadly, many people are all too quick to give rogue applications like this free rein over their Facebook account – allowing scams like this to spread rapidly and virally between Facebook friends.

If you are foolhardy enough to continue, you are taken to a webpage which contains a survey. This is where the scammers behind the scheme make their money.

Every survey which is completed earns them some commission. In some cases they might also ask for your mobile phone number in order to sign you up for an expensive premium-rate service.

And you? Well, you’ll find that the rogue application has meanwhile taken the opportunity to post a message on your Facebook page, which is now being seen by all of your online friends. When I deliberately infected a test account with the rogue application it got my first status message incorrect, as well as the date that I first posted to the Facebook account.

So, in other words, it’s a complete confidence trick. It doesn’t tell you your first status message on Facebook – and its only intention is to drive as many people as possible into sharing the link (which can vary – we have seen several examples) further and further across Facebook, earning the scammers money.
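A detection sketch for the lure described above, added here as an example and not taken from the original article: it matches the whole message template rather than a single keyword, tolerates the "@"-for-"a" swap, and groups affected accounts by link host because the link varies. The sample posts, account names and `.example` hosts are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample wall posts as (author, text); not real data.
SAMPLE_POSTS = [
    ("alice", 'My 1st St@tus was: "off to the gym". This was posted on 12 March 2008\n'
              "Find your 1st St@tus @ http://lure-one.example/app"),
    ("bob", 'my 1st STATUS was: "hello world". This was posted on 3 May 2009 '
            "Find your 1st St@tus @ http://lure-two.example/x"),
    ("carol", "Does anyone remember what my first status was? I can't find it."),
    ("dave", 'My 1st St@tus was: "new phone!". This was posted on 1 Jan 2010\n'
             "Find your 1st St@tus @ http://lure-one.example/app?r=2"),
    ("erin", "Check out my holiday photos http://photos.example/album"),
]

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# All three parts of the lure must appear in order: claim, date, call to action.
TEMPLATE_RE = re.compile(
    r"my (?:1st|first) status was:.*?"
    r"this was posted on.*?"
    r"find your (?:1st|first) status"
)

def normalize(text):
    """Lower-case, undo the '@'-for-'a' swap, and collapse whitespace."""
    return re.sub(r"\s+", " ", text.lower().replace("@", "a"))

def find_scam_posts(posts):
    """Return (author, link) for each post that follows the whole lure template."""
    hits = []
    for author, text in posts:
        urls = URL_RE.findall(text)  # taken from the raw text, before normalizing
        if urls and TEMPLATE_RE.search(normalize(text)):
            hits.append((author, urls[-1]))  # the link closes the message
    return hits

def links_by_host(hits):
    """Group affected accounts by link host, since the lure's link varies."""
    grouped = defaultdict(set)
    for author, link in hits:
        grouped[urlparse(link).hostname].add(author)
    return {host: sorted(authors) for host, authors in grouped.items()}

if __name__ == "__main__":
    print(links_by_host(find_scam_posts(SAMPLE_POSTS)))
```

Matching on the full template keeps ordinary posts that merely mention a "first status" (the third sample) out of the results.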

Regular readers of the Naked Security site will be all too familiar with survey scams and rogue applications, and realise the dangers in allowing an app written by unknown third parties to access their Facebook profile. But there are plenty of others out there on Facebook who are still oblivious to scams like this.

Here’s a YouTube video where I show you how to clean up your Facebook account if you were hit by this, or similar scams:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

Keep your wits about you and stay informed about the latest scams spreading fast across Facebook. One of the best ways to do that is to join the Sophos Facebook page, where a 50,000-strong community is regularly sharing information on threats and discussing the latest security news.

Full story: Naked Security – Sophos
