Sophos has discovered a scam hitting the Video Calling feature added to Facebook last week. Chester Wisniewski, senior security advisor at Sophos Canada, details the ploy on the company’s Naked Security blog.

Rather than taking advantage of a loophole in the application, the scammers have preyed on Facebook’s failure to call the system Video Chat, which is certainly overused and possibly someone’s copyright.

Permission To Scam And Spam

The trick works by sending Facebook users an offer to join “Video Chat and Phone”, which many people have taken to be the official Skype-driven service. Because they think it is an official application, the victims happily click on a dialog box that asks for permission to access their posts, friends and other personal details, and to write messages to their walls.

In the rush to get involved with the video revolution, the users fail to ask a simple question – why would Facebook ask for permission when it already has access to all this information. It is not in Facebook’s nature to ask permission.

Wisniewski points out that the permission requested is for anytime access: “Strange, if it were a video calling app it would presumably only need to access my data when I am using it, right?” he wrote.

“Fortunately, aside from being a better social engineering trick than many Facebook scams,” he said, “this one simply spams your friends and leads you to the ubiquitous surveys to fill out and generate referral fees for the criminals.”

Wisniewski advises that any wall post from a friend saying “Enable video calls” should be ignored. The recipient should also contact the sender to say that they have been scammed and to shut off the Video Chat app.

Sophos is watching the video facility with caution and Paul Ducklin, Sophos’s head of technology for Asia Pacific, has also warned of possible scams in a separate blog.

Wisniewski concludes: “I am sure this won’t be the last scam targeting folks who wish to use Facebook’s new service. Never download executables or other content proclaiming to enable the service.”

Scam dialog

Eric Doyle, ChannelBiz

Eric is a veteran British tech journalist, currently editing ChannelBiz for NetMediaEurope. With expertise in security, the channel, and Britain's startup culture, through his TechBritannia initiative

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

13 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

15 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

16 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

17 hours ago