Sophos is warning of a rogue Facebook application spreading virally across the social network. Disguised as an application for installing a “dislike” button, the scam tricks users into spreading messages via their status updates.
Two versions of the scam have been discovered by Sophos. The messages include the text: “I just got the Dislike button, so now I can dislike all of your dumb posts lol!!” or “Get the official DISLIKE button NOW!” followed by a link.
When Facebook users attempt to install the button, they give the rogue application access to their profiles, enabling it to silently post and promote the link that tricked the users in the first place. The application finally asks users to complete an online survey, which makes money for the scammers, before pointing them to a Firefox browser add-on for a Facebook “dislike” button developed by FaceMod.
According to Sophos, this scam is spreading particularly quickly, as many Facebook users have been calling for the introduction of an official “dislike” button, to run alongside the existing “like” button. This would allow them to express their opinions on other users’ posts, links and updates.
“Facebook users should think carefully before they click on an unknown link in a friend’s status update as these scams are becoming increasingly common. Giving away personal information in a survey and allowing an application access to your profile is extremely risky and Facebook users need to wise up to this rather than just clicking on links that they see, just because they appear to be from a trusted source.”
Cluley explains that this is the latest in a series of “survey scams” that use a tried-and-tested formula to get users to click on links. Others in the past include “Justin Bieber trying to flirt”, “Student attacked his teacher and nearly killed him”, “the biggest and scariest snake” and the “world’s worst McDonald’s customer”.
At the RSA Conference earlier this year, Cluley explained that attacks on social networks work because people are more trusting of information that appears to be coming from people they know. Noting that many businesses have chosen to ban social networks, Cluley suggested enterprises instead consider educating their employees about social engineering risks, as well as other best practices such as not using the same password for multiple sites.
“Just remember – just because someone says they’re your friend, doesn’t mean they necessarily are,” he said.
This is particularly true given what some would describe as Facebook’s slack attitude to privacy – founder Mark Zuckerberg said in January he believes that users don’t require the same level of privacy they used to. For many hackers, social networks are the new security frontier, and with a user base of over half a billion, Facebook could become the number one target.