Sophos has discovered a scam hitting the Video Calling feature added to Facebook last week. Chester Wisniewski, senior security advisor at Sophos Canada, details the ploy on the company’s Naked Security blog.

Rather than taking advantage of a loophole in the application, the scammers have preyed on Facebook’s failure to call the system Video Chat, which is certainly overused and possibly someone’s copyright.

Permission To Scam And Spam

The trick works by sending Facebook users an offer to join “Video Chat and Phone”, which many people have taken to be the official Skype-driven service. Because they think it is an official application, the victims happily click on a dialog box that asks for permission to access their posts, friends and other personal details, and to write messages to their walls.

In the rush to get involved with the video revolution, the users fail to ask a simple question – why would Facebook ask for permission when it already has access to all this information. It is not in Facebook’s nature to ask permission.

Wisniewski points out that the permission requested is for anytime access: “Strange, if it were a video calling app it would presumably only need to access my data when I am using it, right?” he wrote.

“Fortunately, aside from being a better social engineering trick than many Facebook scams,” he said, “this one simply spams your friends and leads you to the ubiquitous surveys to fill out and generate referral fees for the criminals.”

Wisniewski advises that any wall post from a friend saying “Enable video calls” should be ignored. The recipient should also contact the sender to say that they have been scammed and to shut off the Video Chat app.

Sophos is watching the video facility with caution and Paul Ducklin, Sophos’s head of technology for Asia Pacific, has also warned of possible scams in a separate blog.

Wisniewski concludes: “I am sure this won’t be the last scam targeting folks who wish to use Facebook’s new service. Never download executables or other content proclaiming to enable the service.”

Scam dialog

Eric Doyle, ChannelBiz

Eric is a veteran British tech journalist, currently editing ChannelBiz for NetMediaEurope. With expertise in security, the channel, and Britain's startup culture, through his TechBritannia initiative

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago