Sunday 31 October 2010

Girl’s sexy Facebook video is disguise for survey scam | Naked Security

Earlier this month I wrote about a scam spreading virally on Facebook that posed as a video of a father catching his daughter on a webcam.

A new version of the scam is now spreading with a slightly different disguise. As a lot of people seem to being affected by it (haven't folks learnt by now about these scams?) it seems worth documenting.

The first thing you will probably see is one of your Facebook friends posting a message like this:

OMG!!!! Girl Caught by Dad While Making Video on Facebook
OMG!!!!! Girl Caught at Home --> <link>

Other versions may say:

OMG!!!!! Girl Caught by Dad While Making a Sexy Webcam Video --> <link>

Clicking on the link isn't such a wise idea. You'll be taken to a webpage called "Dad Catches Daughter Making A Sexy Webcam Video".

To try to reassure that all is safe, you the hackers have placed a message on the page saying

"Facebook has marked this application as safe"

with a reassuringly green tick next to it.

But don't be fooled by such elementary tricks, this is definitely a scam, and the next page attempts to trick you into giving the third party application access to your Facebook profile, post to your wall, access information about your friends, and even hand over permission for it to spam you in future.

Despite all the warnings, millions of people have proved themselves in recent months to be susceptible to scams like this, such is their desire to view lurid videos of football sex cheats or learn how to find out who has blocked them on Facebook.

If you do click further you'll be presented with a revenue-generating survey (which makes money for the people behind the Facebook application), before you finally get to watch a rather silly YouTube video.

Of course, if you really want to watch the video you could just go to YouTube. You don't have to allow complete strangers access to your Facebook profile or complete a survey which makes them money.

Let me make a guess here. You don't want rogue Facebook apps like this to be able to access your profile, right? :) So go into your settings and revoke their access before they can do any more harm. Also, warn your friends about the threat, as it's quite possible you have shared the link with them.

I've informed both Facebook and bit.ly (the short url service being used in the links) about this threat. Bit.ly has responded and have shut down the link - although, of course, it's perfectly possible that the scammers could start using another one.

If you want to learn more about security threats on the social network and elsewhere on the internet, join the Sophos Facebook page.

Do you think Facebook is doing enough to stamp out survey scams like this, or is it the fault of the Facebook users themselves? Let us know what you think by leaving a comment below.