Freely subscribe to our NEWSLETTER

Typical posts read:

“My 1st St@tus was: ‘[random message]’. This was posted on [random date]

Find your 1st St@tus @ [LINK]”

If users click on this link, which appears to be posted by a Facebook friend, they are taken to a rogue Facebook application. This application will then ask users to give it permission to access their profile. This gives the rogue application the ability to post the same message from the affected account. Users are also taken to a webpage which contains a survey. Those behind the scam make commission from the number of people completing this survey and in some cases, Facebook users might also be asked for their mobile phone numbers in order to sign them up for an expensive, premium-rate service.

“Sadly, many people are all too quick to give permission to rogue applications like this, giving the bad guys free reign of their Facebook account,” said Graham Cluley, senior technology consultant at Sophos. “If users allow these applications to access their profiles, they may well find that the application has posted a message on their Facebook page, which is visible to all of their online friends, helping to spread the scam further. I deliberately infected a test account with this application, and it didn’t even get my first status or the date correct! Unfortunately, by the time users realise this, they will already have helped the scammers by spreading the message across their network.”

Facebook users that have been affected should delete references to this scam from their wall, to avoid sharing it further with their online friends.

More information about the attack, including a video showing how to clean-up accounts, can be found on Sophos’s Naked Security site at:
http://nakedsecurity.sophos.com/2011/01/06/my-1st-sttus-scam

Sophos’s Facebook group, which warns of emerging threats on Facebook, can be found at: http://www.facebook.com/SophosSecurity