IT security and data protection firm Sophos is advising Facebook
users to be wary of the latest survey scam spreading virally across
the network. There are a number of variations of this scam, which
sees users unwillingly update their Facebook status encouraging
others to get the "official Dislike button". The scam is spreading
quickly as many Facebook users have been calling for the
introduction of an official "Dislike" feature which would allow
them to express their opinions on other users' posts, links and
updates.
Two versions of the scam have been discovered by Sophos, which
involve the sharing of messages with the text:
"I just got the Dislike button, so now I can
dislike all of your dumb posts lol!! LINK"
and
"Get the official DISLIKE button NOW! -
LINK"
The viral scam, similar to many recent survey scams, tricks
users into giving a rogue Facebook applications permission to
access their profile, silently posting and promoting the link that
tricked the user in the first place and spreading the message
virally. At this stage, the user still does not have access to the
"Dislike" feature and the application finally asks them to complete
an online survey which makes money for the scammers.
"This bogus feature differs from recent scams as those behind it
aren't preying on users' curiosity about shocking videos or
celebrity scandals. This scam is actually posing as something that
many Facebook users want," said Graham
Cluley, senior technology consultant at Sophos. "Facebook users
should think carefully before they click on an unknown link in a
friend's status update as these scams are becoming increasingly
common. Giving away personal information in a survey and allowing
an application access to your profile is extremely risky and
Facebook users need to wise up to this rather than just clicking on
links that they see, just because they appear to be from a trusted
source."
Impacted users should delete references to the Dislike button
from their wall, and remove the offending application from
Account/Application Settings.
More information about the attack can be found on
Graham Cluley's blog
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.