Thousands of victims have fallen for an unusually stubborn scam circulating in various forms on Facebook promising to show users who has been looking at their profile, warns Bitdefender®, the award-winning provider of innovative antivirus solutions.
Dozens of “guess who saw your profile” apps, with promises to reveal information about Facebook stalkers and viewers, have collectively exposed thousands of Facebook users to a serious risk of identity fraud, with one scam alone generating more than 5,000 “likes” as it claims unwitting victims. By stealing access tokens, these apps may post on users’ timelines and access their pictures and personal information for phishing, fraud and targeted spam attacks.
“It’s interesting to see this scam re-emerging but curiosity is a powerful lure, and this is something we’ve been advocating for years when it comes to the way Facebook criminals employ curiosity to trap victims,” said Bitdefender Chief Security Strategist Catalin Cosoi. “Once trapped, the user is then unwittingly duped into ‘liking’ the scam and passing it on to curious friends. Your identity is stolen and you put your friends at risk at the same time. It’s key to remember this: No legit application is able to show us who’s looking at your Facebook account.”
After hijacking a legit photo application with all its permissions, one of the scams lures users with a three-step process that allegedly tracks their profile viewers. Users are instead sending their access tokens directly to the cyber-criminals’ database. The scam also promotes other suspicious social and dating applications, seeking information about users’ friends and automatically posting on their timelines.
This type of scam also claims victims in French-speaking countries, with messages such as “Enorme Remerciement a l’equipe Facebook pour nous avoir finallement donne quelque chose pour voir qui visite notre profil!” (“Big thanks to the Facebook team for finally giving us a tool to view who visits our profile”).
Other popular scams claiming victims on Facebook include “See total friends who deleted you,” “Goodbye blue Facebook,” and “Get your free 5000 Facebook credits.”
Bitdefender blocks this type of application as fraud and advises users to keep their browser, software and antivirus updated. Users can also install the free application Safego, which protects Facebook and Twitter accounts from scams, spam, malware and private data exposure.
This article is based on the technical information provided courtesy of Andrei Serbanoiu, Bitdefender Software Analyst.