Facebook Users Fall Prey To ‘Dislike’ Button Scam

Sophos is warning of a rogue Facebook application spreading virally across the social network. Disguised as an application for installing a “dislike” button, the scam tricks users into spreading messages via their status updates.

Two versions of the scam have been discovered by Sophos. The messages include the text: “I just got the Dislike button, so now I can dislike all of your dumb posts lol!!” or “Get the official DISLIKE button NOW!” followed by a link.

When Facebook users attempt to install the button, they give the rogue application access their profiles, enabling it to silently post and promote the link that tricked the users in the first place. The application finally asks users to complete an online survey, which makes money for the scammers, before pointing them to a Firefox browser add-on for a Facebook “dislike” button developed by FaceMod.

Facebook users want ‘dislike’ feature

According to Sophos, this scam is spreading particularly quickly, as many Facebook users have been calling for the introduction of an official “dislike” button, to run alongside the existing “like” button. This would allow them to express their opinions on other users’ posts, links and updates.

“This bogus feature differs from recent scams as those behind it aren’t preying on users’ curiosity about shocking videos or celebrity scandals. This scam is actually posing as something that many Facebook users want,” said Graham Cluley, senior technology consultant at Sophos.

“Facebook users should think carefully before they click on an unknown link in a friend’s status update as these scams are becoming increasingly common. Giving away personal information in a survey and allowing an application access to your profile is extremely risky and Facebook users need to wise up to this rather than just clicking on links that they see, just because they appear to be from a trusted source.”

Cluley explains that this is the latest in a series of “survey scams” that use a tried-and-tested formula to get users to click on links. Others in the past include “Justin Bieber trying to flirt”, “Student attacked his teacher and nearly killed him”, “the biggest and scariest snake” and the “world’s worst McDonald’s customer”.

The new security frontier

At the RSA Conference earlier this year, Cluley explained that attacks on social networks work because people are more trusting of information that appears to be coming from people they know. Noting that many businesses have chosen to ban social networks, Cluley suggested enterprises instead consider educating their employees about social engineering risks, as well as other best practices such as not using the same password for multiple sites.

“Just remember – just because someone says they’re you’re friend, doesn’t mean they necessarily are,” he said.

This is particularly true given what some would describe as Facebook’s slack attitude to privacy – founder Mark Zuckerberg said in January he believes that users don’t require the same level of privacy they used to. For many hackers, social networks are the new security frontier, and with a user base of over half a billion, Facebook could become the number one target.