Sophos is warning of a rogue Facebook application spreading virally across the social network. Disguised as an application for installing a “dislike” button, the scam tricks users into spreading messages via their status updates.
Two versions of the scam have been discovered by Sophos. The messages include the text: “I just got the Dislike button, so now I can dislike all of your dumb posts lol!!” or “Get the official DISLIKE button NOW!” followed by a link.
When Facebook users attempt to install the button, they give the rogue application access to their profiles, enabling it to silently post and promote the link that tricked the users in the first place. The application finally asks users to complete an online survey, which makes money for the scammers, before pointing them to a Firefox browser add-on for a Facebook “dislike” button developed by FaceMod.
According to Sophos, this scam is spreading particularly quickly, as many Facebook users have been calling for the introduction of an official “dislike” button, to run alongside the existing “like” button. This would allow them to express their opinions on other users’ posts, links and updates.
“Facebook users should think carefully before they click on an unknown link in a friend’s status update as these scams are becoming increasingly common. Giving away personal information in a survey and allowing an application access to your profile is extremely risky and Facebook users need to wise up to this rather than just clicking on links that they see, just because they appear to be from a trusted source.”
Cluley explains that this is the latest in a series of “survey scams” that use a tried-and-tested formula to get users to click on links. Others in the past include “Justin Bieber trying to flirt”, “Student attacked his teacher and nearly killed him”, “the biggest and scariest snake” and the “world’s worst McDonald’s customer”.
At the RSA Conference earlier this year, Cluley explained that attacks on social networks work because people are more trusting of information that appears to be coming from people they know. Noting that many businesses have chosen to ban social networks, Cluley suggested enterprises instead consider educating their employees about social engineering risks, as well as other best practices such as not using the same password for multiple sites.
“Just remember – just because someone says they’re your friend, doesn’t mean they necessarily are,” he said.
This is particularly true given what some would describe as Facebook’s slack attitude to privacy – founder Mark Zuckerberg said in January he believes that users don’t require the same level of privacy they used to. For many hackers, social networks are the new security frontier, and with a user base of over half a billion, Facebook could become the number one target.