"Official Profile Viewer Application" Facebook scam
Posted on 11 April 2011.
After many, many offers of applications that supposedly show Facebook users who views their profile the most, has the time finally come when these lures don't work as they used to? Or have the scammers decided to increase the number of victims simply by adding that the application offered is "official"?

Whatever the reason, the offer differs from earlier ones in many respects, and it seems that the scammers have pulled out all the stops and have decided to take everything they can.

There is actually no "Official Profile Viewer Application" - rogue or legitimate. The Social Tagging Worldwide page asks the user to paste a piece of JavaScript into his browser's address bar, claiming the process is designed to prove that the victim is a Facebook user.

What does the script actually do? It invites all his friends to join a Facebook group.

"When you explicitly enter a piece of JavaScript, you're effectively authorizing your browser to run that script in the context of the site you've just visited," explains Sophos. "You are effectively bypassing any sort of cross-site scripting protection which either the remote site - in this case, Facebook - or your browser might have in place."

Once he has done all this, he is asked to prove that he's a human by taking a survey that will also make him eligible for winning an iPhone or iPad. But, in order to enter the competition for the wonderful prizes, there is another hurdle the user must cross: sending an SMS to a premium rate number, giving up his phone number and carrier and signing up for SMS marketing.

This scam has been cleverly designed to milk the most out of a duped user. A filled-out survey? Check! SMS to a premium rate number? Check! Phone number and carrier information that can be used or sold to other scammers? Check! And in the end, the user is none the wiser as to who is stalking him on Facebook.

