The Anatomy of an
The “see who viewed your profile” scam is not just a matter of the past, but one of the present and of the future, it seems. This week brings into the spotlight one of the more aggressive variants of the Profile Peekers application, which promises to offer information on your “total profile views”.
What’s different this time? Well, the fact that, among other permissions, the application requires commenting rights from the user who has fallen into the trap. Once this right is granted and the app is in your Facebook app portfolio, you’ve got yourself a truly malicious spokesperson that will get you in trouble with your friends.
This is a very productive comment generator, so you’ll suddenly appear as an active commentator on pages that you’ve liked, on friends’ pages, as reactions to their status updates, etc. What’s even more interesting is that if other people try to delete the comments the app automatically posts in your name, they won’t be able to do it (or they will, but the comment will re-appear in a matter of seconds) and you might end up being flagged and, therefore, banned because of this nuisance.
Here’s another hue that adds to the spectacular nature of the “profile views” scam landscape. Another version of this scam goes a step further on the social engineering side and actually puts a number on the table. In the case illustrated below, it’s 5714. But it can also go much higher.
That’s bound to send a painful arrow through anyone’s ego (how many admirers do I have?) Very unlikely? Think again. Statistics will prove you wrong.
As usual, there are several URLs that help the scam spread. In the past 5 days, BitDefender Safego detected 263 URLs shortened with the bit.ly service and, as expected, the resulting click crop is impressive: approximately one and a half million. Mind you, this is just one slice of the pie the “See who viewed your profile” scam has got its hands on. Bit.ly is among the best known URL shortening services, but there are a lot of other such services out there and some of them do not provide statistics on the number of clicks a specific URL has generated.
Coming back to the scam mechanism, if the total views number of one of your friends has caught your eye and you’ve clicked the link, there follows the mandatory step of installing the Pro Watcher.
Once they yield to the temptation, those who are really keen on finding out the size of their fan base get into the by now classic maze of quizzes that must absolutely be taken before the much-expected answer is delivered.
Notice the teasing background: a list of potential admirers and of figures indicating how busy your fans have been browsing your profile. Admit it: it’s so close, you can almost feel your fingers tingle with excitement. The credit here goes entirely to the social engineer who is probably a Fata Morgana connoisseur.
Just like any other scam that’s striving for perfection, this variant will go full circle and post on your wall the results of your exploit (funny choice of words, isn’t it?). In this way, your friends will have hard evidence of your having used this app and they’ll get into the “profile views” loop as well.
P.S. Time for a confession now: I’m a Facebook addict. You didn’t suspect it, did you? Don’t worry, I’m not going to turn this column into a therapy session. Just wanted to draw your attention to a recent interesting scam which feeds exactly on the very tight bond Facebook users have built with this platform. It’s a “Find out your addiction level” trick.
Install an app and there goes your peace of mind.
BitDefender Safego users are protected from all of these scams.
This article is based on the technical information provided courtesy of George Petre, BitDefender Threat Intelligence Team Leader.