Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Sophos: Thousands of Facebook users hit by new scam designed to earn revenue for scammers

January 2011 by Sophos

IT security and control firm Sophos is warning Facebook users about the latest survey scam which is spreading virally across the social network. Messages claiming to share the users’ first ever Facebook status updates are being posted on users’ walls by a rogue application.

Typical posts read:

“My 1st St@tus was: ‘[random message]’. This was posted on [random date]

Find your 1st St@tus @ [LINK]”

If users click on this link, which appears to be posted by a Facebook friend, they are taken to a rogue Facebook application. This application will then ask users to give it permission to access their profile. This gives the rogue application the ability to post the same message from the affected account. Users are also taken to a webpage which contains a survey. Those behind the scam make commission from the number of people completing this survey and in some cases, Facebook users might also be asked for their mobile phone numbers in order to sign them up for an expensive, premium-rate service.

“Sadly, many people are all too quick to give permission to rogue applications like this, giving the bad guys free reign of their Facebook account,” said Graham Cluley, senior technology consultant at Sophos. “If users allow these applications to access their profiles, they may well find that the application has posted a message on their Facebook page, which is visible to all of their online friends, helping to spread the scam further. I deliberately infected a test account with this application, and it didn’t even get my first status or the date correct! Unfortunately, by the time users realise this, they will already have helped the scammers by spreading the message across their network.”

Facebook users that have been affected should delete references to this scam from their wall, to avoid sharing it further with their online friends.

More information about the attack, including a video showing how to clean-up accounts, can be found on Sophos’s Naked Security site at:
http://nakedsecurity.sophos.com/201...

Sophos’s Facebook group, which warns of emerging threats on Facebook, can be found at: http://www.facebook.com/SophosSecurity




See previous articles

    

See next articles