facebook(low)

SophosLab: Once again, a rogue application is spreading virally between Facebook users pretending to offer you a way of seeing who has viewed your profile.

As we’ve described a couple of times before, plenty of Facebook users would *love* to know who has been checking them out online.. but unfortunately scammers are aware of this, and use the lure of such functionality as a way to trick you into making bad decisions.

Messages spreading rapidly across the Facebook social network right now say:

OMG OMG OMG… I cant believe this actually works! Now you really can see who viewed your profile! on [LINK]

omg-1

If you’re tempted to click on the link you’re taken to a webpage which encourages you to go a little deeper and permit an application to have access to your Facebook profile.

omg-2

omg-3

But do you really want complete strangers to be able to email you, access your personal data and even post messages to any Facebook pages you may administer?

If you’ve got this far then you really shouldn’t go any further. Scams like this have been used to earn commission for the mischief makers behind them, who have no qualms about using your Facebook profile to spread their spammy links even further.

Because if you do continue, you’ll find that your profile will be yet another victim of the viral scam – spreading the message to all of your online Facebook friends and family. And no, you don’t ever find out who has been viewing your profile.

omg-4

Ever wondered how many people fall for a scam like this? Well, the figures can be shocking. This current campaign is using a variety of different links – but via bit.ly we can see that at least one of them has already tricked nearly 60,000 people into clicking.

omg-5

I’ve informed the security teams at both bit.ly and Facebook about these links, and requested that they be shut down as soon as possible.

Always think before you add an unknown application on Facebook, and ask yourself if you’re really comfortable with ceding such power to complete strangers. Rogue application attacks like this, spreading virally, are becoming increasingly common – and do no good for anyone apart from the scammers behind them.

If you’ve been hit by a scam like this, remove references to it from your newsfeed, and revoke the right of rogue applications to access your profile via Account/ Privacy Settings/ Applications and Websites.

And don’t forget to warn your friends about scams like this and teach them not to trust every link that is placed in front of them. You can learn more about security threats by joining the thriving community on the Omid’s Network Facebook page.