Beware the Justin Bieber erection Facebook scam

Graham Cluley

That’s possibly the most unlikely headline I’ve ever had to write in my computer security career, but never mind..

My guess is that regular readers of the Naked Security site might not be ardent fans of Justin Bieber – but chances are that some of you have young daughters or nieces who can’t get enough of the pint-sized pop hamster.

If that’s the case then they might be intrigued by a message that is spreading virally across the Facebook social network claiming to be footage of… and how can I put this delicately? I don’t think I can.. Justin Bieber with an erection.

Messages like the following are being seen:

WTF !! I just saw that Justin Bieber got erection in a public interview.lol


Probably not the type of message you would typically click on from your office computer, but maybe a young teenybopping music fan in your household would find the subject matter irresistible to investigate further.

And if they do click on the link they are taken to a Facebook page with the message “Justin Bieber gets a boner in Public !!!”, and an invitation to “Click to watch” a video.

Click to watch

The page contains a graphic claiming that the application is a “Facebook verified app” (which seems unlikely given the subject matter).

Would young female fans of Justin Bieber be likely to go further? I suspect so.

As is normal in scams like this on Facebook, you are then presented with a message from Facebook asking you to confirm that you are happy for the third party application to have all sorts of access to your Facebook account – including the ability to post messages to your wall.

This is your last chance to be sensible, and not put your account at risk. Unfortunately, far too many people are tricked by social engineering into giving suspicious third-party apps like this free rein to mess around with their Facebook accounts. If they’re not using the modern day equivalent of David Cassidy to lure users into granting permission, they’re pretending to be new Facebook functionality like “Dislike” buttons, or pretending to be free tickets with an airline.

But if you do make the mistake of clicking further, then you will find that you are not watching a video of Bieber having trouser trouble, but instead being asked to take a survey.

Survey scam

Surveys like this generate revenue for the scammers who are behind the application – they earn commission for every survey that is completed.

In the background, meanwhile, the rogue application has abused your social networking account, spreading the spam virally via your wall to your Facebook friends and family.

Message posted on victim's wall

It’s only natural that scams like this will continue for as long as users continue to fall for silly tricks like this, and the scammers continue to find it financially rewarding.

If you’ve been hit by a scam like this, remove references to it from your newsfeed, and revoke the right of rogue applications to access your profile via Account/ Privacy Settings/ Applications and Websites.

I’ve made a YouTube video where I show you how to clean up your Facebook account if you were hit by this, or similar scams on Facebook:

http://www.youtube.com/watch?v=Or-qR0Y300w

Don’t forget – if you know young people who use Facebook, you should warn them about scams like this and teach them not to trust every link that is placed in front of them.

If you’re a member of Facebook and want to learn more about security threats you should join the thriving community on the Sophos Facebook page.

Do you think Facebook is doing enough to stamp out survey scams like this, or is it the fault of the Facebook users themselves? Let us know what you think by leaving a comment below.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
