Sophos is warning of a rogue Facebook application spreading virally across the social network. Disguised as an application for installing a “dislike” button, the scam tricks users into spreading messages via their status updates.
Two versions of the scam have been discovered by Sophos. The messages include the text: “I just got the Dislike button, so now I can dislike all of your dumb posts lol!!” or “Get the official DISLIKE button NOW!” followed by a link.
When Facebook users attempt to install the button, they give the rogue application access to their profiles, enabling it to silently post and promote the link that tricked the users in the first place. The application finally asks users to complete an online survey, which makes money for the scammers, before pointing them to a Firefox browser add-on for a Facebook “dislike” button developed by FaceMod.
According to Sophos, this scam is spreading particularly quickly, as many Facebook users have been calling for the introduction of an official “dislike” button, to run alongside the existing “like” button. This would allow them to express their opinions on other users’ posts, links and updates.
“Facebook users should think carefully before they click on an unknown link in a friend’s status update as these scams are becoming increasingly common. Giving away personal information in a survey and allowing an application access to your profile is extremely risky and Facebook users need to wise up to this rather than just clicking on links that they see, just because they appear to be from a trusted source.”
Cluley explains that this is the latest in a series of “survey scams” that use a tried-and-tested formula to get users to click on links. Others in the past include “Justin Bieber trying to flirt”, “Student attacked his teacher and nearly killed him”, “the biggest and scariest snake” and the “world’s worst McDonald’s customer”.
At the RSA Conference earlier this year, Cluley explained that attacks on social networks work because people are more trusting of information that appears to be coming from people they know. Noting that many businesses have chosen to ban social networks, Cluley suggested enterprises instead consider educating their employees about social engineering risks, as well as other best practices such as not using the same password for multiple sites.
“Just remember – just because someone says they’re your friend, doesn’t mean they necessarily are,” he said.
This is particularly true given what some would describe as Facebook’s slack attitude to privacy – founder Mark Zuckerberg said in January he believes that users don’t require the same level of privacy they used to. For many hackers, social networks are the new security frontier, and with a user base of over half a billion, Facebook could become the number one target.