Typical posts read:
“My 1st St@tus was: ‘[random message]’. This was posted on [random date]
Find your 1st St@tus @ [LINK]”
If users click on this link, which appears to be posted by a Facebook friend, they are taken to a rogue Facebook application.
This application will then ask users to give it permission to access their profile. This gives the rogue application the ability to post the same message from the affected account.
Users are also taken to a webpage which contains a survey. Those behind the scam make commission from the number of people completing this survey and in some cases, Facebook users might also be asked for their mobile phone numbers in order to sign them up for an expensive, premium-rate service.
“Sadly, many people are all too quick to give permission to rogue applications like this, giving the bad guys free reign of their Facebook account,” said Graham Cluley, senior technology consultant at Sophos. “If users allow these applications to access their profiles, they may well find that the application has posted a message on their Facebook page, which is visible to all of their online friends, helping to spread the scam further. I deliberately infected a test account with this application, and it didn’t even get my first status or the date correct! Unfortunately, by the time users realize this, they will already have helped the scammers by spreading the message across their network.”
Facebook users that have been affected should delete references to this scam from their wall, to avoid sharing it further with their online friends.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.