We’re monitoring an on-going Facebook scam campaign that seems to be spreading faster than any campaign we’ve come across before.
What did this girl do on her webcam?
The scam starts with a user being tagged in a photo such as the one above. The photograph is posted in an album called “BBC News” to give it authenticity. It typically has over 100+ people tagged in it and it contains the following text: “Everyone do check what she did on cam …. — [URL]”
An example of what it would look like to see your friends tagged in this photo
The short URL typically redirects the users to a .info domain, which then takes the user to a Facebook Application Installation page.
Short URL redirects to the following Application Install Page
When a user allows the application, the scam continues with that user posting the same photo, tagging over 100 users in it and helping it propagate.
Over 100 Friends tagged in this scam
Users are also redirected to another .info domain, which contains a video that is gated by another form of a survey scam:
Facebook Verification Spam Bot – Freudian Slip?
The scammers have managed to be nimble enough to switch the campaign from one Short URL service to another. At first, this was spreading via Bit.ly:
Bit.ly Stats as this scam was first spreading
Over the course of an hour, this particular URL received over 80,000 clicks. However, the scam has since shifted to the Goo.gl Short URL service:
Goo.gl Short URL Statistics for this scam
In less than an hour, the goo.gl version of the scam has reached over 125,000 clicks.
Recommendations: First and foremost, don’t click on the link included in the description of the photograph. One of the things you can do to prevent your friends/family members from falling for this is to untag yourself from the photograph:
You can untag yourself from any photo
Additionally, you can report the image so that Facebook can take action against it (this is an important step):
You can help prevent this scam from spreading by reporting it
If you’ve been tricked into installing the application, visit the Privacy Settings page and click on ‘Edit Your Settings’ under Apps and Websites. Locate the Rogue Application under the Apps and Websites section (typically has the word “news” in it). Once you’ve located it under the ‘Apps You Use’ section, click on ‘Edit Settings’ in order to remove the application.
Scammers are finding new ways to trick users. The key here is to be aware and to keep your friends and family members in the loop about scams like this one. We can’t stress that enough.
Update: The goo.gl short URL has now logged over 220,000 clicks.
Over 220,000 clicks on the goo.gl short URL
Additionally, the scammers have also moved to TinyURL:
Scammers are also using tinyurl to lead users to the scam application
What does this scam actually do other than spread random images?
@Heather
well from my experience, I got the blue screen virus, my c drive checks for consistency, my laptop has locked up 3 times now, Norton will not finish scans, Norton Power Eraser will not complete and I couldn’t update my CCleaner.