Sophos warns on fake Dislike button Facebook scam

August 16, 2010 Sophos Press Release

IT security and data protection firm Sophos is advising Facebook users to be wary of the latest survey scam spreading virally across the network. There are a number of variations of this scam, which sees users unwillingly update their Facebook status encouraging others to get the "official Dislike button". The scam is spreading quickly as many Facebook users have been calling for the introduction of an official "Dislike" feature which would allow them to express their opinions on other users' posts, links and updates.


Two versions of the scam have been discovered by Sophos, which involve the sharing of messages with the text:

"I just got the Dislike button, so now I can dislike all of your dumb posts lol!! LINK"

and

"Get the official DISLIKE button NOW! - LINK"

The viral scam, similar to many recent survey scams, tricks users into giving a rogue Facebook application permission to access their profile. The application then silently posts and promotes the link that tricked the user in the first place, spreading the message virally. At this stage, the user still does not have access to the "Dislike" feature, and the application finally asks them to complete an online survey which makes money for the scammers.

"This bogus feature differs from recent scams as those behind it aren't preying on users' curiosity about shocking videos or celebrity scandals. This scam is actually posing as something that many Facebook users want," said Graham Cluley, senior technology consultant at Sophos. "Facebook users should think carefully before they click on an unknown link in a friend's status update as these scams are becoming increasingly common. Giving away personal information in a survey and allowing an application access to your profile is extremely risky and Facebook users need to wise up to this rather than just clicking on links that they see, just because they appear to be from a trusted source."

Impacted users should delete references to the Dislike button from their wall, and remove the offending application from Account/Application Settings.

More information about the attack can be found on Graham Cluley's blog.